gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: gador/nixpkgs:master
Branches Tags
gador/nixpkgs:current gador/nixpkgs:sqlite3-to-mysql-2.5.3 gador/nixpkgs:pr-399404 gador/nixpkgs:vmware-libpng gador/nixpkgs:zabbix-7 gador/nixpkgs:master gador/nixpkgs:fprind-fix-python gador/nixpkgs:current_old gador/nixpkgs:init-tagspaces
..
pull from: gador/nixpkgs:fprind-fix-python
Branches Tags
gador/nixpkgs:current gador/nixpkgs:sqlite3-to-mysql-2.5.3 gador/nixpkgs:pr-399404 gador/nixpkgs:vmware-libpng gador/nixpkgs:zabbix-7 gador/nixpkgs:master gador/nixpkgs:fprind-fix-python gador/nixpkgs:current_old gador/nixpkgs:init-tagspaces

2 Commits
master .. fprind-fix-python

Author SHA1 Message Date
gador 6ffc9119d7 fprintd: 1.94.2 -> 1.94.3 
Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
 2024-07-07 11:05:19 +02:00
gador ef56399d39 python312Packages.pypamtest: 1.1.3 -> 1.1.5 
fix python 3.12 compatibility

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
 2024-07-07 11:05:09 +02:00
1221 changed files with 18372 additions and 26592 deletions
Expand all files Collapse all files
.envrc
-1
View File
@@ -1 +0,0 @@
use nix
.git-blame-ignore-revs
-3
View File
@@ -135,6 +135,3 @@ f8c4a98e8e138e21353a2c33b90db3359f539b37
acd0e3898feb321cb9a71a0fd376f1157d0f4553
1b28414d2886c57343864326dbb745a634d3e37d
6afb255d976f85f3359e4929abd6f5149c323a02
# azure-cli: move to by-name, nixfmt #325950
96cd538b68bd1d0a0a37979356d669abbba32ebc
.github/CODEOWNERS
-1
View File
@@ -19,7 +19,6 @@
# Develompent support
/.editorconfig @Mic92 @zowoq
/shell.nix @infinisil @NixOS/Security
/.envrc @infinisil @NixOS/Security
# Libraries
/lib @infinisil
.github/labeler.yml
+1 -8
View File
@@ -74,13 +74,6 @@
- lib/systems/flake-systems.nix
- nixos/modules/config/nix-flakes.nix
"6.topic: flutter":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/build-support/flutter/*.nix
- pkgs/development/compilers/flutter/**/*.nix
"6.topic: GNOME":
- any:
- changed-files:
@@ -156,7 +149,7 @@
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/development/compilers/llvm/**/*
- pkgs/development/compilers/llvm/*
"6.topic: lua":
- any:
.gitignore
-1
View File
@@ -19,7 +19,6 @@ tags
/doc/manual.pdf
/source/
.version-suffix
.direnv
.DS_Store
.mypy_cache
doc/languages-frameworks/index.md
-1
View File
@@ -90,7 +90,6 @@ qt.section.md
r.section.md
ruby.section.md
rust.section.md
scheme.section.md
swift.section.md
texlive.section.md
titanium.section.md
doc/languages-frameworks/scheme.section.md
-35
View File
@@ -1,35 +0,0 @@
# Scheme {#sec-scheme}
## Package Management {#sec-scheme-package-management}
### Akku {#sec-scheme-package-management-akku}
About two hundred R6RS & R7RS libraries from [Akku](https://akkuscm.org/)
(which also mirrors [snow-fort](https://snow-fort.org/pkg))
are available inside the `akkuPackages` attrset, and the Akku executable
itself is at the top level as `akku`. The packages could be used
in a derivation's `buildInputs`, work inside of `nix-shell`, and
are tested using [Chez](https://www.scheme.com/) &
[Chibi](https://synthcode.com/wiki/chibi-scheme)
Scheme during build time.
Including a package as a build input is done in the typical Nix fashion.
For example, to include
[a bunch of SRFIs](https://akkuscm.org/packages/chez-srfi/)
primarily for Chez Scheme in a derivation, one might write:
```nix
{
buildInputs = [
chez
akkuPackages.chez-srfi
];
}
```
The package index is located in `pkgs/tools/package-management/akku`
as `deps.toml`, and should be updated occasionally by running `./update.sh`
in the directory. Doing so will pull the source URLs for new packages and
more recent versions, then write them to the TOML.
doc/stdenv/stdenv.chapter.md
+1 -5
View File
@@ -1527,11 +1527,7 @@ The following flags are disabled by default and should be enabled with `hardenin
#### `pie` {#pie}
This flag is disabled by default for normal `glibc` based NixOS package builds, but enabled by default for
- `musl`-based package builds, except on Aarch64 and Aarch32, where there are issues.
- Statically-linked for OpenBSD builds, where it appears to be required to get a working binary.
This flag is disabled by default for normal `glibc` based NixOS package builds, but enabled by default for `musl` based package builds.
Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Executables are needed to take advantage of Address Space Layout Randomization, supported by modern kernel versions. While ASLR can already be enforced for data areas in the stack and heap (brk and mmap), the code areas must be compiled as position-independent. Shared libraries already do this with the `pic` flag, so they gain ASLR automatically, but binary .text regions need to be build with `pie` to gain ASLR. When this happens, ROP attacks are much harder since there are no static locations to bounce off of during a memory corruption attack.
lib/licenses.nix
+3 -3
View File
@@ -917,7 +917,7 @@ in mkLicense lset) ({
ncbiPd = {
spdxId = "NCBI-PD";
fullName = "NCBI Public Domain Notice";
fullname = "NCBI Public Domain Notice";
# Due to United States copyright law, anything with this "license" does not have a copyright in the
# jurisdiction of the United States. However, other jurisdictions may assign the United States
# government copyright to the work, and the license explicitly states that in such a case, no license
@@ -1161,7 +1161,7 @@ in mkLicense lset) ({
shortName = "TSL";
fullName = "Timescale License Agreegment";
url = "https://github.com/timescale/timescaledb/blob/main/tsl/LICENSE-TIMESCALE";
free = false;
unfree = true;
};
tcltk = {
@@ -1297,7 +1297,7 @@ in mkLicense lset) ({
zsh = {
url = "https://github.com/zsh-users/zsh/blob/master/LICENCE";
fullName = "Zsh License";
fulllName = "Zsh License";
};
zpl20 = {
lib/systems/default.nix
-1
View File
@@ -323,7 +323,6 @@ let
os =
/**/ if rust ? platform then rust.platform.os or "none"
else if final.isDarwin then "macos"
else if final.isWasm && !final.isWasi then "unknown" # Needed for {wasm32,wasm64}-unknown-unknown.
else final.parsed.kernel.name;
# https://doc.rust-lang.org/reference/conditional-compilation.html#target_family
maintainers/maintainer-list.nix
+5 -75
View File
@@ -71,12 +71,6 @@
github = "0b11stan";
githubId = 27831931;
};
_0david0mp = {
email = "davidmrpr@proton.me";
github = "0david0mp";
githubId = 54892055;
name = "David mp";
};
_0nyr = {
email = "onyr.maintainer@gmail.com";
github = "0nyr";
@@ -233,12 +227,6 @@
githubId = 12578560;
name = "Quinn Bohner";
};
_71zenith = {
email = "71zenith@proton.me";
github = "71zenith";
githubId = 92977828;
name = "Mori Zen";
};
_8aed = {
email = "8aed@riseup.net";
github = "8aed";
@@ -2616,11 +2604,6 @@
githubId = 30630233;
name = "Timo Triebensky";
};
birdee = {
name = "birdee";
github = "BirdeeHub";
githubId = 85372418;
};
birkb = {
email = "birk@batchworks.de";
github = "birkb";
@@ -5345,12 +5328,6 @@
githubId = 6199462;
name = "Dmytro Rets";
};
dretyuiop = {
email = "chewch03@gmail.com";
github = "dretyuiop";
githubId = 81854406;
name = "Chew Cheng Hong";
};
drewrisinger = {
email = "drisinger+nixpkgs@gmail.com";
github = "drewrisinger";
@@ -8218,12 +8195,6 @@
githubId = 25618740;
name = "Vincent Cui";
};
hornwall = {
email = "hannes@hornwall.me";
github = "hornwall";
githubId = 1064477;
name = "Hannes Hornwall";
};
hoverbear = {
email = "operator+nix@hoverbear.org";
matrix = "@hoverbear:matrix.org";
@@ -15413,12 +15384,6 @@
githubId = 49961859;
name = "Pavel Sobolev";
};
pawelchcki = {
email = "pawel.chcki@gmail.com";
github = "pawelchcki";
githubId = 812891;
name = "Paweł Chojnacki";
};
pawelpacana = {
email = "pawel.pacana@gmail.com";
github = "pawelpacana";
@@ -15494,12 +15459,6 @@
githubId = 817039;
name = "Paulo Casaretto";
};
pcboy = {
email = "david@joynetiks.com";
github = "pcboy";
githubId = 943430;
name = "David Hagege";
};
pedrohlc = {
email = "root@pedrohlc.com";
github = "PedroHLC";
@@ -16532,12 +16491,6 @@
githubId = 39039420;
name = "Quinn Dougherty";
};
quodlibetor = {
email = "quodlibetor@gmail.com";
github = "quodlibetor";
githubId = 277161;
name = "Brandon W Maister";
};
qusic = {
email = "qusicx@gmail.com";
github = "Qusic";
@@ -18524,14 +18477,6 @@
githubId = 53050011;
name = "Yohann Boniface";
};
sigmasquadron = {
name = "Fernando Rodrigues";
email = "alpha@sigmasquadron.net";
matrix = "@sigmasquadron:matrix.org";
github = "SigmaSquadron";
githubId = 174749595;
keys = [ { fingerprint = "E3CD E225 47C6 2DB6 6CCD BC06 CC3A E2EA 0000 0000"; } ];
};
sikmir = {
email = "sikmir@disroot.org";
matrix = "@sikmir:matrix.org";
@@ -18963,6 +18908,11 @@
githubId = 10437171;
keys = [ { fingerprint = "75F0 AB7C FE01 D077 AEE6 CAFD 353E 4A18 EE0F AB72"; } ];
};
spacefault = {
github = "spacefault";
githubId = 74156492;
name = "spacefault";
};
spacefrogg = {
email = "spacefrogg-nixos@meterriblecrew.net";
github = "spacefrogg";
@@ -19813,12 +19763,6 @@
githubId = 1755789;
name = "Robert Irelan";
};
tembleking = {
name = "Fede Barcelona";
email = "fede_rico_94@hotmail.com";
github = "tembleking";
githubId = 2988780;
};
tengkuizdihar = {
name = "Tengku Izdihar";
email = "tengkuizdihar@gmail.com";
@@ -19964,14 +19908,6 @@
githubId = 34945377;
name = "John Smith";
};
theCapypara = {
name = "Marco Köpcke";
email = "hello@capypara.de";
matrix = "@capypara:matrix.org";
github = "theCapypara";
githubId = 3512122;
keys = [ { fingerprint = "5F29 132D EFA8 5DA0 B598 5BF2 5941 754C 1CDE 33BB"; } ];
};
thedavidmeister = {
email = "thedavidmeister@gmail.com";
github = "thedavidmeister";
@@ -20551,12 +20487,6 @@
githubId = 1312290;
name = "Trevor Joynson";
};
treyfortmuller = {
email = "treyunofficial@gmail.com";
github = "treyfortmuller";
githubId = 5715025;
name = "Trey Fortmuller";
};
tricktron = {
email = "tgagnaux@gmail.com";
github = "tricktron";
maintainers/scripts/luarocks-packages.csv
-1
View File
@@ -6,7 +6,6 @@ argparse,,,,,,
basexx,,,,,,
binaryheap,,,,,,vcunat
busted,,,,,,
busted-htest,,,,,,mrcjkb
cassowary,,,,,,alerque
cldr,,,,,,alerque
compat53,,,,,,vcunat
1 name rockspec ref server version luaversion maintainers
6 basexx
7 binaryheap vcunat
8 busted
busted-htest mrcjkb
9 cassowary alerque
10 cldr alerque
11 compat53 vcunat
nixos/doc/manual/installation/installing.chapter.md
+4
View File
@@ -174,6 +174,8 @@ commands:
OK
> set_network 0 psk "mypassword"
OK
> set_network 0 key_mgmt WPA-PSK
OK
> enable_network 0
OK
```
@@ -189,6 +191,8 @@ OK
OK
> set_network 0 password "mypassword"
OK
> set_network 0 key_mgmt WPA-EAP
OK
> enable_network 0
OK
```
nixos/doc/manual/release-notes/rl-2411.section.md
-12
View File
@@ -20,8 +20,6 @@
- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood).
- [QGroundControl], a ground station support and configuration manager for the PX4 and APM Flight Stacks. Available as [programs.qgroundcontrol](options.html#opt-programs.qgroundcontrol.enable).
- [Eintopf](https://eintopf.info), community event and calendar web application. Available as [services.eintopf](options.html#opt-services.eintopf).
- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
@@ -30,12 +28,8 @@
- [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable).
- [realm](https://github.com/zhboner/realm), a simple, high performance relay server written in rust. Available as [services.realm.enable](#opt-services.realm.enable).
- [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld).
- [Glance](https://github.com/glanceapp/glance), a self-hosted dashboard that puts all your feeds in one place. Available as [services.glance](option.html#opt-services.glance).
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
- `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:
@@ -149,8 +143,6 @@
services.shiori.environmentFile = "/path/to/env-file";
```
- `/share/nano` is now only linked when `programs.nano.enable` is enabled.
- `libe57format` has been updated to `>= 3.0.0`, which contains some backward-incompatible API changes. See the [release note](https://github.com/asmaloney/libE57Format/releases/tag/v3.0.0) for more details.
- `gitlab` deprecated support for *runner registration tokens* in GitLab 16.0, disabled their support in GitLab 17.0 and will
@@ -182,10 +174,6 @@
- `keycloak` was updated to version 25, which introduces new hostname related options.
See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.
- `programs.vim.defaultEditor` now only works if `programs.vim.enable` is enabled.
- `/share/vim-plugins` now only gets linked if `programs.vim.enable` is enabled
- The `tracy` package no longer works on X11, since it's moved to Wayland
support, which is the intended default behavior by Tracy maintainers.
X11 users have to switch to the new package `tracy-x11`.
nixos/lib/make-options-doc/default.nix
+1 -1
View File
@@ -1,5 +1,5 @@
/**
Generates documentation for [nix modules](https://nix.dev/tutorials/module-system/index.html).
Generates documentation for [nix modules](https://nix.dev/tutorials/module-system/module-system.html).
It uses the declared `options` to generate documentation in various formats.
nixos/lib/utils.nix
+5 -86
View File
@@ -23,7 +23,6 @@ let
isPath
isString
listToAttrs
mapAttrs
nameValuePair
optionalString
removePrefix
@@ -141,35 +140,11 @@ utils = rec {
];
} "_secret" -> { ".example[1].relevant.secret" = "/path/to/secret"; }
*/
recursiveGetAttrWithJqPrefix = item: attr: mapAttrs (_name: set: set.${attr}) (recursiveGetAttrsetWithJqPrefix item attr);
/* Similar to `recursiveGetAttrWithJqPrefix`, but returns the whole
attribute set containing `attr` instead of the value of `attr` in
the set.
Example:
recursiveGetAttrsetWithJqPrefix {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
quote = true;
};
};
}
];
} "_secret" -> { ".example[1].relevant.secret" = { _secret = "/path/to/secret"; quote = true; }; }
*/
recursiveGetAttrsetWithJqPrefix = item: attr:
recursiveGetAttrWithJqPrefix = item: attr:
let
recurse = prefix: item:
if item ? ${attr} then
nameValuePair prefix item
nameValuePair prefix item.${attr}
else if isDerivation item then []
else if isAttrs item then
map (name:
@@ -231,58 +206,6 @@ utils = rec {
}
]
}
The attribute set { _secret = "/path/to/secret"; } can contain extra
options, currently it accepts the `quote = true|false` option.
If `quote = true` (default behavior), the content of the secret file will
be quoted as a string and embedded. Otherwise, if `quote = false`, the
content of the secret file will be parsed to JSON and then embedded.
Example:
If the file "/path/to/secret" contains the JSON document:
[
{ "a": "topsecretpassword1234" },
{ "b": "topsecretpassword5678" }
]
genJqSecretsReplacementSnippet {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
quote = false;
};
};
}
];
} "/path/to/output.json"
would generate a snippet that, when run, outputs the following
JSON file at "/path/to/output.json":
{
"example": [
{
"irrelevant": "not interesting"
},
{
"ignored": "ignored attr",
"relevant": {
"secret": [
{ "a": "topsecretpassword1234" },
{ "b": "topsecretpassword5678" }
]
}
}
]
}
*/
genJqSecretsReplacementSnippet = genJqSecretsReplacementSnippet' "_secret";
@@ -290,11 +213,7 @@ utils = rec {
# attr which identifies the secret to be changed.
genJqSecretsReplacementSnippet' = attr: set: output:
let
secretsRaw = recursiveGetAttrsetWithJqPrefix set attr;
# Set default option values
secrets = mapAttrs (_name: set: {
quote = true;
} // set) secretsRaw;
secrets = recursiveGetAttrWithJqPrefix set attr;
stringOrDefault = str: def: if str == "" then def else str;
in ''
if [[ -h '${output}' ]]; then
@@ -308,7 +227,7 @@ utils = rec {
+ concatStringsSep
"\n"
(imap1 (index: name: ''
secret${toString index}=$(<'${secrets.${name}.${attr}}')
secret${toString index}=$(<'${secrets.${name}}')
export secret${toString index}
'')
(attrNames secrets))
@@ -317,7 +236,7 @@ utils = rec {
+ escapeShellArg (stringOrDefault
(concatStringsSep
" | "
(imap1 (index: name: ''${name} = ($ENV.secret${toString index}${optionalString (!secrets.${name}.quote) " | fromjson"})'')
(imap1 (index: name: ''${name} = $ENV.secret${toString index}'')
(attrNames secrets)))
".")
+ ''
nixos/modules/config/shells-environment.nix
+2 -4
View File
@@ -42,10 +42,8 @@ in
strings. The latter is concatenated, interspersed with colon
characters.
'';
type = with types; attrsOf (oneOf [ (listOf (oneOf [ int str path ])) int str path ]);
apply = let
toStr = v: if isPath v then "${v}" else toString v;
in mapAttrs (n: v: if isList v then concatMapStringsSep ":" toStr v else toStr v);
type = with types; attrsOf (oneOf [ (listOf (oneOf [ float int str ])) float int str path ]);
apply = mapAttrs (n: v: if isList v then concatMapStringsSep ":" toString v else toString v);
};
environment.profiles = mkOption {
nixos/modules/config/system-path.nix
+2
View File
@@ -153,8 +153,10 @@ in
"/sbin"
"/share/emacs"
"/share/hunspell"
"/share/nano"
"/share/org"
"/share/themes"
"/share/vim-plugins"
"/share/vulkan"
"/share/kservices5"
"/share/kservicetypes5"
nixos/modules/config/update-users-groups.pl
+1 -1
View File
@@ -234,7 +234,7 @@ foreach my $u (@{$spec->{users}}) {
# Ensure home directory incl. ownership and permissions.
if ($u->{createHome} and !$is_dry) {
make_path($u->{home}, { mode => 0755 }) if ! -e $u->{home};
make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
chmod oct($u->{homeMode}), $u->{home};
}
nixos/modules/hardware/video/nvidia.nix
+2 -7
View File
@@ -96,11 +96,7 @@ in
Enabling this fixes screen tearing when using Optimus via PRIME (see
{option}`hardware.nvidia.prime.sync.enable`. This is not enabled
by default because it is not officially supported by NVIDIA and would not
work with SLI.
Enabling this and using version 545 or newer of the proprietary NVIDIA
driver causes it to provide its own framebuffer device, which can cause
Wayland compositors to work when they otherwise wouldn't.
work with SLI
'';
prime.nvidiaBusId = lib.mkOption {
@@ -572,10 +568,9 @@ in
"nvidia_drm"
];
# If requested enable modesetting via kernel parameters.
# If requested enable modesetting via kernel parameter.
kernelParams =
lib.optional (offloadCfg.enable || cfg.modesetting.enable) "nvidia-drm.modeset=1"
++ lib.optional ((offloadCfg.enable || cfg.modesetting.enable) && lib.versionAtLeast nvidia_x11.version "545") "nvidia-drm.fbdev=1"
++ lib.optional cfg.powerManagement.enable "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
++ lib.optional cfg.open "nvidia.NVreg_OpenRmEnableUnsupportedGpus=1"
++ lib.optional (config.boot.kernelPackages.kernel.kernelAtLeast "6.2" && !ibtSupport) "ibt=off";
nixos/modules/image/repart-image.nix
+1 -1
View File
@@ -69,7 +69,7 @@ let
patchShebangs --build $out
black --check --diff $out
ruff check --line-length 88 $out
ruff --line-length 88 $out
mypy --strict $out
'';
nixos/modules/installer/tools/nix-fallback-paths.nix
+5 -5
View File
@@ -1,7 +1,7 @@
{
x86_64-linux = "/nix/store/f409bhlpp0xkzvdz95qr2yvfjfi8r9jc-nix-2.18.5";
i686-linux = "/nix/store/ra39jzrxq3bcpf55aahwv5037akvylf5-nix-2.18.5";
aarch64-linux = "/nix/store/xiw8a4jbnw18svgdb04hyqzg5bsjspqf-nix-2.18.5";
x86_64-darwin = "/nix/store/k2gzx7i90x3h2c8g6xdi1jkwbl6ic895-nix-2.18.5";
aarch64-darwin = "/nix/store/rqwymbndaqxma6p8s5brcl9k32n5xx54-nix-2.18.5";
x86_64-linux = "/nix/store/1w4b47zhp33md29wjhgg549pc281vv02-nix-2.18.4";
i686-linux = "/nix/store/hz02kn0ffn3wdi2xs7lndpr88v4v4fp2-nix-2.18.4";
aarch64-linux = "/nix/store/90zwqa9z2fgldc7ki1p5gfvglchjh9r6-nix-2.18.4";
x86_64-darwin = "/nix/store/bd1ix5mj9lj2yh7bqnmdjc24zlg5jivk-nix-2.18.4";
aarch64-darwin = "/nix/store/5hvsmklhqiay5i4q5vdkg60p8qpc69rz-nix-2.18.4";
}
nixos/modules/misc/locate.nix
+1 -4
View File
@@ -297,10 +297,7 @@ in
description = "Update timer for locate database";
partOf = [ "update-locatedb.service" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.interval;
Persistent = true;
};
timerConfig.OnCalendar = cfg.interval;
};
};
nixos/modules/module-list.nix
-4
View File
@@ -258,7 +258,6 @@
./programs/projecteur.nix
./programs/proxychains.nix
./programs/qdmr.nix
./programs/qgroundcontrol.nix
./programs/qt5ct.nix
./programs/quark-goldleaf.nix
./programs/regreet.nix
@@ -973,7 +972,6 @@
./services/networking/clatd.nix
./services/networking/cloudflare-dyndns.nix
./services/networking/cloudflared.nix
./services/networking/cloudflare-warp.nix
./services/networking/cntlm.nix
./services/networking/connman.nix
./services/networking/consul.nix
@@ -1151,7 +1149,6 @@
./services/networking/radicale.nix
./services/networking/radvd.nix
./services/networking/rdnssd.nix
./services/networking/realm.nix
./services/networking/redsocks.nix
./services/networking/resilio.nix
./services/networking/robustirc-bridge.nix
@@ -1383,7 +1380,6 @@
./services/web-apps/freshrss.nix
./services/web-apps/galene.nix
./services/web-apps/gerrit.nix
./services/web-apps/glance.nix
./services/web-apps/gotify-server.nix
./services/web-apps/gotosocial.nix
./services/web-apps/grocy.nix
nixos/modules/profiles/qemu-guest.nix
+1 -1
View File
@@ -5,5 +5,5 @@
{
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" "virtio_gpu" ];
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
}
nixos/modules/programs/envision.nix
-8
View File
@@ -31,14 +31,6 @@ in
};
};
services.udev = {
enable = true;
packages = with pkgs; [
android-udev-rules
xr-hardware
];
};
environment.systemPackages = [ cfg.package ];
networking.firewall = lib.mkIf cfg.openFirewall {
nixos/modules/programs/nano.nix
-1
View File
@@ -43,7 +43,6 @@ in
include "${cfg.package}/share/nano/extra/*.nanorc"
'') + cfg.nanorc;
systemPackages = [ cfg.package ];
pathsToLink = [ "/share/nano" ];
};
};
}
nixos/modules/programs/qgroundcontrol.nix
-53
View File
@@ -1,53 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.qgroundcontrol;
in
{
options = {
programs.qgroundcontrol = {
enable = lib.mkEnableOption "qgroundcontrol";
package = lib.mkPackageOption pkgs "qgroundcontrol" {};
blacklistModemManagerFromTTYUSB = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Disallow ModemManager from interfering with serial connections that QGroundControl might use.
Note that if you use a modem that's connected via USB, you might want to disable this option.
'';
};
};
};
config = lib.mkIf cfg.enable {
# ModemManager is known to interfere with serial connections;
# QGC recommends disabling it, but we don't want to if we can avoid it
# Instead, we blacklist tty devices using udev rules, which is a more targeted approach
services.udev = lib.mkIf cfg.blacklistModemManagerFromTTYUSB {
enable = true;
extraRules = ''
# nixos/qgroundcontrol: Blacklist ttyUSB devices from ModemManager
SUBSYSTEM=="tty", KERNEL=="ttyUSB*", ENV{ID_MM_DEVICE_IGNORE}="1"
'';
};
# Security wrapper
security.wrappers.qgroundcontrol = {
source = lib.getExe cfg.package;
owner = "root"; # Sensible default; not setuid so this is not a security risk
group = "tty";
setgid = true;
};
};
meta.maintainers = pkgs.qgroundcontrol.meta.maintainers;
}
nixos/modules/programs/tsm-client.nix
+1 -1
View File
@@ -22,7 +22,7 @@ let
serverOptions = { name, config, ... }: {
freeformType = attrsOf (either scalarType (listOf scalarType));
# Client system-options file directives are explained here:
# https://www.ibm.com/docs/en/storage-protect/8.1.23?topic=commands-processing-options
# https://www.ibm.com/docs/en/storage-protect/8.1.22?topic=commands-processing-options
options.servername = mkOption {
type = servernameType;
default = name;
nixos/modules/programs/vim.nix
+17 -23
View File
@@ -1,31 +1,25 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
let
cfg = config.programs.vim;
in
{
in {
options.programs.vim = {
enable = lib.mkEnableOption "Vi IMproved, an advanced text";
defaultEditor = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
When enabled, installs vim and configures vim to be the default editor
using the EDITOR environment variable.
'';
};
defaultEditor = lib.mkEnableOption "vim as the default editor";
package = lib.mkPackageOption pkgs "vim" { example = "vim-full"; };
};
# TODO: convert it into assert after 24.11 release
config = lib.mkIf (cfg.enable || cfg.defaultEditor) {
warnings = lib.mkIf (cfg.defaultEditor && !cfg.enable) [
"programs.vim.defaultEditor will only work if programs.vim.enable is enabled, will be encfored after the 24.11 release"
];
environment = {
systemPackages = [ cfg.package ];
variables.EDITOR = lib.mkIf cfg.defaultEditor (lib.mkOverride 900 "vim");
pathsToLink = [ "/share/vim-plugins" ];
package = lib.mkPackageOption pkgs "vim" {
example = "vim-full";
};
};
config = lib.mkIf cfg.defaultEditor {
environment.systemPackages = [ cfg.package ];
environment.variables = { EDITOR = lib.mkOverride 900 "vim"; };
};
}
nixos/modules/services/backup/duplicity.nix
-24
View File
@@ -42,28 +42,6 @@ in
'';
};
includeFileList = mkOption {
type = types.nullOr types.path;
default = null;
example = /path/to/fileList.txt;
description = ''
File containing newline-separated list of paths to include into the
backups. See the FILE SELECTION section in {manpage}`duplicity(1)` for
details on the syntax.
'';
};
excludeFileList = mkOption {
type = types.nullOr types.path;
default = null;
example = /path/to/fileList.txt;
description = ''
File containing newline-separated list of paths to exclude into the
backups. See the FILE SELECTION section in {manpage}`duplicity(1)` for
details on the syntax.
'';
};
targetUrl = mkOption {
type = types.str;
example = "s3://host:port/prefix";
@@ -176,8 +154,6 @@ in
${lib.optionalString (cfg.cleanup.maxIncr != null) "${dup} remove-all-inc-of-but-n-full ${toString cfg.cleanup.maxIncr} ${target} --force ${extra}"}
exec ${dup} ${if cfg.fullIfOlderThan == "always" then "full" else "incr"} ${lib.escapeShellArgs (
[ cfg.root cfg.targetUrl ]
++ lib.optionals (cfg.includeFileList != null) [ "--include-filelist" cfg.includeFileList ]
++ lib.optionals (cfg.excludeFileList != null) [ "--exclude-filelist" cfg.excludeFileList ]
++ concatMap (p: [ "--include" p ]) cfg.include
++ concatMap (p: [ "--exclude" p ]) cfg.exclude
++ (lib.optionals (cfg.fullIfOlderThan != "never" && cfg.fullIfOlderThan != "always") [ "--full-if-older-than" cfg.fullIfOlderThan ])
nixos/modules/services/backup/tsm.nix
+1 -1
View File
@@ -90,7 +90,7 @@ in
environment.HOME = "/var/lib/tsm-backup";
serviceConfig = {
# for exit status description see
# https://www.ibm.com/docs/en/storage-protect/8.1.23?topic=clients-client-return-codes
# https://www.ibm.com/docs/en/storage-protect/8.1.22?topic=clients-client-return-codes
SuccessExitStatus = "4 8";
# The `-se` option must come after the command.
# The `-optfile` option suppresses a `dsm.opt`-not-found warning.
nixos/modules/services/cluster/rke2/default.nix
+1 -1
View File
@@ -241,7 +241,7 @@ in
"kernel.panic_on_oops" = 1;
};
systemd.services."rke2-${cfg.role}" = {
systemd.services.rke2 = {
description = "Rancher Kubernetes Engine v2";
documentation = [ "https://github.com/rancher/rke2#readme" ];
after = [ "network-online.target" ];
nixos/modules/services/desktop-managers/lomiri.nix
+2 -4
View File
@@ -21,8 +21,6 @@ in {
history-service
libusermetrics
lomiri
lomiri-calculator-app
lomiri-clock-app
lomiri-download-manager
lomiri-filemanager-app
lomiri-polkit-agent
@@ -38,7 +36,7 @@ in {
morph-browser
qtmir # not having its desktop file for Xwayland available causes any X11 application to crash the session
suru-icon-theme
telephony-service
# telephony-service # currently broken: https://github.com/NixOS/nixpkgs/pull/314043
]);
variables = {
# To override the keyboard layouts in Lomiri
@@ -87,7 +85,7 @@ in {
] ++ lib.optionals (config.hardware.pulseaudio.enable || config.services.pipewire.pulse.enable) [
ayatana-indicator-sound
]) ++ (with pkgs.lomiri; [
telephony-service
# telephony-service # currently broken: https://github.com/NixOS/nixpkgs/pull/314043
] ++ lib.optionals config.networking.networkmanager.enable [
lomiri-indicator-network
]);
nixos/modules/services/games/terraria.nix
+5 -18
View File
@@ -19,28 +19,15 @@ let
(boolFlag "secure" cfg.secure)
(boolFlag "noupnp" cfg.noUPnP)
];
stopScript = pkgs.writeScript "terraria-stop" ''
#!${pkgs.runtimeShell}
tmuxCmd = "${lib.getExe pkgs.tmux} -S ${lib.escapeShellArg cfg.dataDir}/terraria.sock";
stopScript = pkgs.writeShellScript "terraria-stop" ''
if ! [ -d "/proc/$1" ]; then
exit 0
fi
lastline=$(${tmuxCmd} capture-pane -p | grep . | tail -n1)
# If the service is not configured to auto-start a world, it will show the world selection prompt
# If the last non-empty line on-screen starts with "Choose World", we know the prompt is open
if [[ "$lastline" =~ ^'Choose World' ]]; then
# In this case, nothing needs to be saved, so we can kill the process
${tmuxCmd} kill-session
else
# Otherwise, we send the `exit` command
${tmuxCmd} send-keys Enter exit Enter
fi
# Wait for the process to stop
tail --pid="$1" -f /dev/null
${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock send-keys Enter exit Enter
${getBin pkgs.coreutils}/bin/tail --pid="$1" -f /dev/null
'';
in
{
@@ -165,7 +152,7 @@ in
Type = "forking";
GuessMainPID = true;
UMask = 007;
ExecStart = "${tmuxCmd} new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}";
ExecStart = "${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}";
ExecStop = "${stopScript} $MAINPID";
};
};
nixos/modules/services/misc/languagetool.nix
+11 -32
View File
@@ -1,17 +1,14 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.languagetool;
settingsFormat = pkgs.formats.javaProperties { };
in
{
settingsFormat = pkgs.formats.javaProperties {};
in {
options.services.languagetool = {
enable = mkEnableOption "the LanguageTool server, a multilingual spelling, style, and grammar checker that helps correct or paraphrase texts";
package = mkPackageOption pkgs "languagetool" { };
port = mkOption {
type = types.port;
default = 8081;
@@ -34,7 +31,7 @@ in
'';
};
settings = mkOption {
settings = lib.mkOption {
type = types.submodule {
freeformType = settingsFormat.type;
@@ -52,25 +49,11 @@ in
for supported settings.
'';
};
jrePackage = mkPackageOption pkgs "jre" { };
jvmOptions = mkOption {
description = ''
Extra command line options for the JVM running languagetool.
More information can be found here: https://docs.oracle.com/en/java/javase/19/docs/specs/man/java.html#standard-options-for-java
'';
default = [ ];
type = types.listOf types.str;
example = [
"-Xmx512m"
];
};
};
config = mkIf cfg.enable {
systemd.services.languagetool = {
systemd.services.languagetool = {
description = "LanguageTool HTTP server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
@@ -82,17 +65,13 @@ in
RestrictNamespaces = [ "" ];
SystemCallFilter = [ "@system-service" "~ @privileged" ];
ProtectHome = "yes";
Restart = "on-failure";
ExecStart = ''
${cfg.jrePackage}/bin/java \
-cp ${cfg.package}/share/languagetool-server.jar \
${toString cfg.jvmOptions} \
org.languagetool.server.HTTPServer \
--port ${toString cfg.port} \
${optionalString cfg.public "--public"} \
${optionalString (cfg.allowOrigin != null) "--allow-origin ${cfg.allowOrigin}"} \
"--config" ${settingsFormat.generate "languagetool.conf" cfg.settings}
'';
${pkgs.languagetool}/bin/languagetool-http-server \
--port ${toString cfg.port} \
${optionalString cfg.public "--public"} \
${optionalString (cfg.allowOrigin != null) "--allow-origin ${cfg.allowOrigin}"} \
"--config" ${settingsFormat.generate "languagetool.conf" cfg.settings}
'';
};
};
};
nixos/modules/services/monitoring/opentelemetry-collector.nix
+20 -27
View File
@@ -6,9 +6,8 @@ let
cfg = config.services.opentelemetry-collector;
opentelemetry-collector = cfg.package;
settingsFormat = pkgs.formats.yaml { };
in
{
settingsFormat = pkgs.formats.yaml {};
in {
options.services.opentelemetry-collector = {
enable = mkEnableOption "Opentelemetry Collector";
@@ -16,7 +15,7 @@ in
settings = mkOption {
type = settingsFormat.type;
default = { };
default = {};
description = ''
Specify the configuration for Opentelemetry Collector in Nix.
@@ -36,9 +35,9 @@ in
config = mkIf cfg.enable {
assertions = [{
assertion = (
(cfg.settings == { }) != (cfg.configFile == null)
(cfg.settings == {}) != (cfg.configFile == null)
);
message = ''
message = ''
Please specify a configuration for Opentelemetry Collector with either
'services.opentelemetry-collector.settings' or
'services.opentelemetry-collector.configFile'.
@@ -49,27 +48,21 @@ in
description = "Opentelemetry Collector Service Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig =
let
conf =
if cfg.configFile == null
then settingsFormat.generate "config.yaml" cfg.settings
else cfg.configFile;
in
{
ExecStart = "${getExe opentelemetry-collector} --config=file:${conf}";
DynamicUser = true;
Restart = "always";
ProtectSystem = "full";
DevicePolicy = "closed";
NoNewPrivileges = true;
WorkingDirectory = "%S/opentelemetry-collector";
StateDirectory = "opentelemetry-collector";
SupplementaryGroups = [
# allow to read the systemd journal for opentelemetry-collector
"systemd-journal"
];
};
serviceConfig = let
conf = if cfg.configFile == null
then settingsFormat.generate "config.yaml" cfg.settings
else cfg.configFile;
in
{
ExecStart = "${getExe opentelemetry-collector} --config=file:${conf}";
DynamicUser = true;
Restart = "always";
ProtectSystem = "full";
DevicePolicy = "closed";
NoNewPrivileges = true;
WorkingDirectory = "/var/lib/opentelemetry-collector";
StateDirectory = "opentelemetry-collector";
};
};
};
}
nixos/modules/services/monitoring/prometheus/alertmanager-webhook-logger.nix
-11
View File
@@ -32,15 +32,9 @@ in
${escapeShellArgs cfg.extraFlags}
'';
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
DynamicUser = true;
NoNewPrivileges = true;
MemoryDenyWriteExecute = true;
LockPersonality = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ProtectHome = "tmpfs";
@@ -49,8 +43,6 @@ in
PrivateDevices = true;
PrivateIPC = true;
ProcSubset = "pid";
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
@@ -58,10 +50,7 @@ in
ProtectKernelLogs = true;
ProtectControlGroups = true;
Restart = "on-failure";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
nixos/modules/services/monitoring/prometheus/alertmanager.nix
+5 -47
View File
@@ -181,57 +181,15 @@ in {
-i "${alertmanagerYml}"
'';
serviceConfig = {
Restart = "always";
StateDirectory = "alertmanager";
DynamicUser = true; # implies PrivateTmp
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
WorkingDirectory = "/tmp";
ExecStart = "${cfg.package}/bin/alertmanager" +
optionalString (length cmdlineArgs != 0) (" \\\n " +
concatStringsSep " \\\n " cmdlineArgs);
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
DynamicUser = true;
NoNewPrivileges = true;
MemoryDenyWriteExecute = true;
LockPersonality = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ProtectHome = "tmpfs";
PrivateTmp = true;
PrivateDevices = true;
PrivateIPC = true;
ProcSubset = "pid";
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
Restart = "always";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
StateDirectory = "alertmanager";
SystemCallFilter = [
"@system-service"
"~@cpu-emulation"
"~@privileged"
"~@reboot"
"~@setuid"
"~@swap"
];
WorkingDirectory = "/tmp";
};
};
})
nixos/modules/services/monitoring/prometheus/exporters.nix
-16
View File
@@ -29,7 +29,6 @@ let
"blackbox"
"buildkite-agent"
"collectd"
"deluge"
"dmarc"
"dnsmasq"
"dnssec"
@@ -409,14 +408,6 @@ in
Please ensure you have either `services.prometheus.exporters.idrac.configuration'
or `services.prometheus.exporters.idrac.configurationPath' set!
'';
} {
assertion = cfg.deluge.enable -> (
(cfg.deluge.delugePassword == null) != (cfg.deluge.delugePasswordFile == null)
);
message = ''
Please ensure you have either `services.prometheus.exporters.deluge.delugePassword'
or `services.prometheus.exporters.deluge.delugePasswordFile' set!
'';
} ] ++ (flip map (attrNames exporterOpts) (exporter: {
assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall;
message = ''
@@ -446,13 +437,6 @@ in
hardware.rtl-sdr.enable = mkDefault true;
})] ++ [(mkIf config.services.postfix.enable {
services.prometheus.exporters.postfix.group = mkDefault config.services.postfix.setgidGroup;
})] ++ [(mkIf config.services.prometheus.exporters.deluge.enable {
system.activationScripts = {
deluge-exported.text = ''
mkdir -p /etc/deluge-exporter
echo "DELUGE_PASSWORD=$(cat ${config.services.prometheus.exporters.deluge.delugePasswordFile})" > /etc/deluge-exporter/password
'';
};
})] ++ (mapAttrsToList (name: conf:
mkExporterConf {
inherit name;
nixos/modules/services/monitoring/prometheus/exporters/deluge.nix
-85
View File
@@ -1,85 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.prometheus.exporters.deluge;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9354;
extraOpts = {
delugeHost = mkOption {
type = types.str;
default = "localhost";
description = ''
Hostname where deluge server is running.
'';
};
delugePort = mkOption {
type = types.port;
default = 58846;
description = ''
Port where deluge server is listening.
'';
};
delugeUser = mkOption {
type = types.str;
default = "localclient";
description = ''
User to connect to deluge server.
'';
};
delugePassword = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password to connect to deluge server.
This stores the password unencrypted in the nix store and is thus considered unsafe. Prefer
using the delugePasswordFile option.
'';
};
delugePasswordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
File containing the password to connect to deluge server.
'';
};
exportPerTorrentMetrics = mkOption {
type = types.bool;
default = false;
description = ''
Enable per-torrent metrics.
This may significantly increase the number of time series depending on the number of
torrents in your Deluge instance.
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-deluge-exporter}/bin/deluge-exporter
'';
Environment = [
"LISTEN_PORT=${toString cfg.port}"
"LISTEN_ADDRESS=${toString cfg.listenAddress}"
"DELUGE_HOST=${cfg.delugeHost}"
"DELUGE_USER=${cfg.delugeUser}"
"DELUGE_PORT=${toString cfg.delugePort}"
] ++ lib.optionals (cfg.delugePassword != null) [
"DELUGE_PASSWORD=${cfg.delugePassword}"
] ++ lib.optionals cfg.exportPerTorrentMetrics [
"PER_TORRENT_METRICS=1"
];
EnvironmentFile = lib.optionalString (cfg.delugePasswordFile != null) "/etc/deluge-exporter/password";
};
};
}
nixos/modules/services/monitoring/prometheus/pushgateway.nix
+2 -42
View File
@@ -147,52 +147,12 @@ in {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = "always";
DynamicUser = true;
ExecStart = "${cfg.package}/bin/pushgateway" +
optionalString (length cmdlineArgs != 0) (" \\\n " +
concatStringsSep " \\\n " cmdlineArgs);
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
DynamicUser = true;
NoNewPrivileges = true;
MemoryDenyWriteExecute = true;
LockPersonality = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ProtectHome = "tmpfs";
PrivateTmp = true;
PrivateDevices = true;
PrivateIPC = true;
ProcSubset = "pid";
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
Restart = "always";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
StateDirectory = if cfg.persistMetrics then cfg.stateDir else null;
SystemCallFilter = [
"@system-service"
"~@cpu-emulation"
"~@privileged"
"~@reboot"
"~@setuid"
"~@swap"
];
};
};
};
nixos/modules/services/networking/bee.nix
+2 -1
View File
@@ -101,7 +101,8 @@ in {
preStart = with cfg.settings; ''
if ! test -f ${password-file}; then
< /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 | install -m 600 /dev/stdin ${password-file}
< /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 > ${password-file}
chmod 0600 ${password-file}
echo "Initialized ${password-file} from /dev/urandom"
fi
if [ ! -f ${data-dir}/keys/libp2p.key ]; then
nixos/modules/services/networking/cloudflare-warp.nix
-91
View File
@@ -1,91 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.cloudflare-warp;
in
{
options.services.cloudflare-warp = {
enable = lib.mkEnableOption "Cloudflare Zero Trust client daemon";
package = lib.mkPackageOption pkgs "cloudflare-warp" { };
rootDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/cloudflare-warp";
description = ''
Working directory for the warp-svc daemon.
'';
};
udpPort = lib.mkOption {
type = lib.types.port;
default = 2408;
description = ''
The UDP port to open in the firewall. Warp uses port 2408 by default, but fallback ports can be used
if that conflicts with another service. See the [firewall documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall#warp-udp-ports)
for the pre-configured available fallback ports.
'';
};
openFirewall = lib.mkEnableOption "opening UDP ports in the firewall" // {
default = true;
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
networking.firewall = lib.mkIf cfg.openFirewall {
allowedUDPPorts = [ cfg.udpPort ];
};
systemd.tmpfiles.rules = [
"d ${cfg.rootDir} - root root"
"z ${cfg.rootDir} - root root"
];
systemd.services.cloudflare-warp = {
enable = true;
description = "Cloudflare Zero Trust Client Daemon";
# lsof is used by the service to determine which UDP port to bind to
# in the case that it detects collisions.
path = [ pkgs.lsof ];
requires = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
let
caps = [
"CAP_NET_ADMIN"
"CAP_NET_BIND_SERVICE"
"CAP_SYS_PTRACE"
];
in
{
Type = "simple";
ExecStart = "${cfg.package}/bin/warp-svc";
ReadWritePaths = [ "${cfg.rootDir}" "/etc/resolv.conf" ];
CapabilityBoundingSet = caps;
AmbientCapabilities = caps;
Restart = "always";
RestartSec = 5;
Environment = [ "RUST_BACKTRACE=full" ];
WorkingDirectory = cfg.rootDir;
# See the systemd.exec docs for the canonicalized paths, the service
# makes use of them for logging, and account state info tracking.
# https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=
StateDirectory = "cloudflare-warp";
RuntimeDirectory = "cloudflare-warp";
LogsDirectory = "cloudflare-warp";
# The service needs to write to /etc/resolv.conf to configure DNS, so that file would have to
# be world read/writable to run as anything other than root.
User = "root";
Group = "root";
};
};
};
meta.maintainers = with lib.maintainers; [ treyfortmuller ];
}
nixos/modules/services/networking/deconz.nix
-1
View File
@@ -122,7 +122,6 @@ in
RuntimeDirectory = name;
RuntimeDirectoryMode = "0700";
StateDirectory = name;
SuccessExitStatus = [ 143 ];
WorkingDirectory = stateDir;
# For access to /dev/ttyACM0 (ConBee).
SupplementaryGroups = [ "dialout" ];
nixos/modules/services/networking/magic-wormhole-mailbox-server.nix
+7 -17
View File
@@ -1,27 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.magic-wormhole-mailbox-server;
# keep semicolon in dataDir for backward compatibility
dataDir = "/var/lib/magic-wormhole-mailbox-server;";
python = pkgs.python311.withPackages (
py: with py; [
magic-wormhole-mailbox-server
twisted
]
);
python = pkgs.python3.withPackages (py: [ py.magic-wormhole-mailbox-server py.twisted ]);
in
{
options.services.magic-wormhole-mailbox-server = {
enable = lib.mkEnableOption "Magic Wormhole Mailbox Server";
enable = mkEnableOption "Magic Wormhole Mailbox Server";
};
config = lib.mkIf cfg.enable {
config = mkIf cfg.enable {
systemd.services.magic-wormhole-mailbox-server = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
@@ -32,7 +23,6 @@ in
StateDirectory = baseNameOf dataDir;
};
};
};
meta.maintainers = [ lib.maintainers.mjoerg ];
};
}
nixos/modules/services/networking/nebula.nix
+3 -5
View File
@@ -51,8 +51,8 @@ in
};
key = mkOption {
type = types.oneOf [types.nonEmptyStr types.path];
description = "Path or reference to the host key.";
type = types.path;
description = "Path to the host key.";
example = "/etc/nebula/host.key";
};
@@ -241,7 +241,7 @@ in
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = true;
ProtectSystem = "strict";
RestrictNamespaces = true;
RestrictSUIDSGID = true;
User = networkId;
@@ -269,6 +269,4 @@ in
${nameToId netName} = {};
}) enabledNetworks);
};
meta.maintainers = [ numinit ];
}
nixos/modules/services/networking/realm.nix
-50
View File
@@ -1,50 +0,0 @@
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.services.realm;
configFormat = pkgs.formats.json { };
configFile = configFormat.generate "config.json" cfg.config;
inherit (lib)
mkEnableOption mkPackageOption mkOption mkIf types getExe;
in
{
meta.maintainers = with lib.maintainers; [ ocfox ];
options = {
services.realm = {
enable = mkEnableOption "A simple, high performance relay server written in rust";
package = mkPackageOption pkgs "realm" { };
config = mkOption {
type = types.submodule {
freeformType = configFormat.type;
};
default = { };
description = ''
The realm configuration, see <https://github.com/zhboner/realm#overview> for documentation.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.realm = {
serviceConfig = {
DynamicUser = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectProc = "invisible";
ProtectKernelTunables = true;
ExecStart = "${getExe cfg.package} --config ${configFile}";
AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];
};
wantedBy = [ "multi-user.target" ];
};
};
}
nixos/modules/services/networking/scion/scion-control.nix
+4 -6
View File
@@ -3,10 +3,8 @@
with lib;
let
globalCfg = config.services.scion;
cfg = config.services.scion.scion-control;
toml = pkgs.formats.toml { };
connectionDir = if globalCfg.stateless then "/run" else "/var/lib";
defaultConfig = {
general = {
id = "cs";
@@ -14,13 +12,13 @@ let
reconnect_to_dispatcher = true;
};
beacon_db = {
connection = "${connectionDir}/scion-control/control.beacon.db";
connection = "/run/scion-control/control.beacon.db";
};
path_db = {
connection = "${connectionDir}/scion-control/control.path.db";
connection = "/run/scion-control/control.path.db";
};
trust_db = {
connection = "${connectionDir}/scion-control/control.trust.db";
connection = "/run/scion-control/control.trust.db";
};
log.console = {
level = "info";
@@ -64,7 +62,7 @@ in
DynamicUser = true;
Restart = "on-failure";
BindPaths = [ "/dev/shm:/run/shm" ];
${if globalCfg.stateless then "RuntimeDirectory" else "StateDirectory"} = "scion-control";
RuntimeDirectory = "scion-control";
};
};
};
nixos/modules/services/networking/scion/scion-daemon.nix
+3 -5
View File
@@ -3,10 +3,8 @@
with lib;
let
globalCfg = config.services.scion;
cfg = config.services.scion.scion-daemon;
toml = pkgs.formats.toml { };
connectionDir = if globalCfg.stateless then "/run" else "/var/lib";
defaultConfig = {
general = {
id = "sd";
@@ -14,10 +12,10 @@ let
reconnect_to_dispatcher = true;
};
path_db = {
connection = "${connectionDir}/scion-daemon/sd.path.db";
connection = "/run/scion-daemon/sd.path.db";
};
trust_db = {
connection = "${connectionDir}/scion-daemon/sd.trust.db";
connection = "/run/scion-daemon/sd.trust.db";
};
log.console = {
level = "info";
@@ -59,7 +57,7 @@ in
ExecStart = "${pkgs.scion}/bin/scion-daemon --config ${configFile}";
Restart = "on-failure";
DynamicUser = true;
${if globalCfg.stateless then "RuntimeDirectory" else "StateDirectory"} = "scion-daemon";
RuntimeDirectory = "scion-daemon";
};
};
};
nixos/modules/services/networking/scion/scion-dispatcher.nix
+1 -2
View File
@@ -3,7 +3,6 @@
with lib;
let
globalCfg = config.services.scion;
cfg = config.services.scion.scion-dispatcher;
toml = pkgs.formats.toml { };
defaultConfig = {
@@ -67,7 +66,7 @@ in
ExecStartPre = "${pkgs.coreutils}/bin/rm -rf /run/shm/dispatcher";
ExecStart = "${pkgs.scion}/bin/scion-dispatcher --config ${configFile}";
Restart = "on-failure";
${if globalCfg.stateless then "RuntimeDirectory" else "StateDirectory"} = "scion-dispatcher";
RuntimeDirectory = "scion-dispatcher";
};
};
};
nixos/modules/services/networking/scion/scion-router.nix
+1 -2
View File
@@ -3,7 +3,6 @@
with lib;
let
globalCfg = config.services.scion;
cfg = config.services.scion.scion-router;
toml = pkgs.formats.toml { };
defaultConfig = {
@@ -43,7 +42,7 @@ in
ExecStart = "${pkgs.scion}/bin/scion-router --config ${configFile}";
Restart = "on-failure";
DynamicUser = true;
${if globalCfg.stateless then "RuntimeDirectory" else "StateDirectory"} = "scion-router";
RuntimeDirectory = "scion-router";
};
};
};
nixos/modules/services/networking/scion/scion.nix
-16
View File
@@ -8,22 +8,6 @@ in
{
options.services.scion = {
enable = mkEnableOption "all of the scion components and services";
stateless = mkOption {
type = types.bool;
default = true;
description = ''
Setting this value to false (stateful) can lead to improved caching and
performance.
This option decides whether to persist the SCION path sqlite databases
on disk or not. Persisting this data can lead to database corruption in
extreme cases such as power outage, meaning SCION fails to work on the
next boot. This is being investigated.
If true, /run/scion-* is used for data
If false, use /var/lib/scion-* is used for data
'';
};
bypassBootstrapWarning = mkOption {
type = types.bool;
default = false;
nixos/modules/services/security/clamav.nix
+5 -5
View File
@@ -5,6 +5,7 @@ let
stateDir = "/var/lib/clamav";
clamavGroup = clamavUser;
cfg = config.services.clamav;
pkg = pkgs.clamav;
toKeyValue = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault { } " ";
@@ -26,7 +27,6 @@ in
options = {
services.clamav = {
package = mkPackageOption pkgs "clamav" { };
daemon = {
enable = mkEnableOption "ClamAV clamd daemon";
@@ -125,7 +125,7 @@ in
};
config = mkIf (cfg.updater.enable || cfg.daemon.enable) {
environment.systemPackages = [ cfg.package ];
environment.systemPackages = [ pkg ];
users.users.${clamavUser} = {
uid = config.ids.uids.clamav;
@@ -172,7 +172,7 @@ in
restartTriggers = [ clamdConfigFile ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/clamd";
ExecStart = "${pkg}/bin/clamd";
ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
User = clamavUser;
Group = clamavGroup;
@@ -201,7 +201,7 @@ in
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/bin/freshclam";
ExecStart = "${pkg}/bin/freshclam";
SuccessExitStatus = "1"; # if databases are up to date
StateDirectory = "clamav";
User = clamavUser;
@@ -274,7 +274,7 @@ in
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/bin/clamdscan --multiscan --fdpass --infected --allmatch ${lib.concatStringsSep " " cfg.scanner.scanDirectories}";
ExecStart = "${pkg}/bin/clamdscan --multiscan --fdpass --infected --allmatch ${lib.concatStringsSep " " cfg.scanner.scanDirectories}";
};
};
};
nixos/modules/services/web-apps/glance.md
-39
View File
@@ -1,39 +0,0 @@
# Glance {#module-services-glance}
Glance is a self-hosted dashboard that puts all your feeds in one place.
Visit [the Glance project page](https://github.com/glanceapp/glance) to learn
more about it.
## Quickstart {#module-services-glance-quickstart}
Checkout the [configuration docs](https://github.com/glanceapp/glance/blob/main/docs/configuration.md) to learn more.
Use the following configuration to start a public instance of Glance locally:
```nix
{
services.glance = {
enable = true;
settings = {
pages = [
{
name = "Home";
columns = [
{
size = "full";
widgets = [
{ type = "calendar"; }
{
type = "weather";
location = "Nivelles, Belgium";
}
];
}
];
}
];
};
openFirewall = true;
};
}
```
nixos/modules/services/web-apps/glance.nix
-141
View File
@@ -1,141 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.glance;
inherit (lib)
mkEnableOption
mkPackageOption
mkOption
mkIf
getExe
types
;
settingsFormat = pkgs.formats.yaml { };
in
{
options.services.glance = {
enable = mkEnableOption "glance";
package = mkPackageOption pkgs "glance" { };
settings = mkOption {
type = types.submodule {
freeformType = settingsFormat.type;
options = {
server = {
host = mkOption {
description = "Glance bind address";
default = "127.0.0.1";
example = "0.0.0.0";
type = types.str;
};
port = mkOption {
description = "Glance port to listen on";
default = 8080;
example = 5678;
type = types.port;
};
};
pages = mkOption {
type = settingsFormat.type;
description = ''
List of pages to be present on the dashboard.
See <https://github.com/glanceapp/glance/blob/main/docs/configuration.md#pages--columns>
'';
default = [
{
name = "Calendar";
columns = [
{
size = "full";
widgets = [ { type = "calendar"; } ];
}
];
}
];
example = [
{
name = "Home";
columns = [
{
size = "full";
widgets = [
{ type = "calendar"; }
{
type = "weather";
location = "Nivelles, Belgium";
}
];
}
];
}
];
};
};
};
default = { };
description = ''
Configuration written to a yaml file that is read by glance. See
<https://github.com/glanceapp/glance/blob/main/docs/configuration.md>
for more.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open the firewall for Glance.
This adds `services.glance.settings.server.port` to `networking.firewall.allowedTCPPorts`.
'';
};
};
config = mkIf cfg.enable {
systemd.services.glance = {
description = "Glance feed dashboard server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart =
let
glance-yaml = settingsFormat.generate "glance.yaml" cfg.settings;
in
"${getExe cfg.package} --config ${glance-yaml}";
WorkingDirectory = "/var/lib/glance";
StateDirectory = "glance";
RuntimeDirectory = "glance";
RuntimeDirectoryMode = "0755";
PrivateTmp = true;
DynamicUser = true;
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateUsers = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProcSubset = "pid";
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
};
networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.settings.server.port ]; };
};
meta.doc = ./glance.md;
meta.maintainers = [ lib.maintainers.drupol ];
}
nixos/modules/services/web-apps/jitsi-meet.nix
+8 -6
View File
@@ -398,29 +398,30 @@ in
before = [ "jicofo.service" "jitsi-videobridge2.service" ] ++ (optional cfg.prosody.enable "prosody.service") ++ (optional cfg.jigasi.enable "jigasi.service");
serviceConfig = {
Type = "oneshot";
UMask = "027";
User = "root";
Group = "jitsi-meet";
WorkingDirectory = "/var/lib/jitsi-meet";
};
script = let
secrets = [ "jicofo-component-secret" "jicofo-user-secret" "jibri-auth-secret" "jibri-recorder-secret" ] ++ (optionals cfg.jigasi.enable [ "jigasi-user-secret" "jigasi-component-secret" ]) ++ (optional (cfg.videobridge.passwordFile == null) "videobridge-secret");
in
''
cd /var/lib/jitsi-meet
${concatMapStringsSep "\n" (s: ''
if [ ! -f ${s} ]; then
tr -dc a-zA-Z0-9 </dev/urandom | head -c 64 > ${s}
chown root:jitsi-meet ${s}
chmod 640 ${s}
fi
'') secrets}
# for easy access in prosody
echo "JICOFO_COMPONENT_SECRET=$(cat jicofo-component-secret)" > secrets-env
echo "JIGASI_COMPONENT_SECRET=$(cat jigasi-component-secret)" >> secrets-env
chown root:jitsi-meet secrets-env
chmod 640 secrets-env
''
+ optionalString cfg.prosody.enable ''
# generate self-signed certificates
if [ ! -f /var/lib/jitsi-meet/jitsi-meet.crt ]; then
if [ ! -f /var/lib/jitsi-meet.crt ]; then
${getBin pkgs.openssl}/bin/openssl req \
-x509 \
-newkey rsa:4096 \
@@ -429,7 +430,8 @@ in
-days 36500 \
-nodes \
-subj '/CN=${cfg.hostName}/CN=auth.${cfg.hostName}'
chmod 640 /var/lib/jitsi-meet/jitsi-meet.key
chmod 640 /var/lib/jitsi-meet/jitsi-meet.{crt,key}
chown root:jitsi-meet /var/lib/jitsi-meet/jitsi-meet.{crt,key}
fi
'';
};
nixos/modules/services/web-apps/mediawiki.nix
+93 -99
View File
@@ -64,135 +64,129 @@ let
else
throw "Unsupported database type: ${cfg.database.type} for socket: ${cfg.database.socket}";
mediawikiConfig = pkgs.writeTextFile {
name = "LocalSettings.php";
checkPhase = ''
${php}/bin/php --syntax-check "$target"
'';
text = ''
<?php
# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
mediawikiConfig = pkgs.writeText "LocalSettings.php" ''
<?php
# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
$wgSitename = "${cfg.name}";
$wgMetaNamespace = false;
$wgSitename = "${cfg.name}";
$wgMetaNamespace = false;
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "${lib.optionalString (cfg.webserver == "nginx") "/w"}";
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "${lib.optionalString (cfg.webserver == "nginx") "/w"}";
## The protocol and server name to use in fully-qualified URLs
$wgServer = "${cfg.url}";
## The protocol and server name to use in fully-qualified URLs
$wgServer = "${cfg.url}";
## The URL path to static resources (images, scripts, etc.)
$wgResourceBasePath = $wgScriptPath;
## The URL path to static resources (images, scripts, etc.)
$wgResourceBasePath = $wgScriptPath;
${lib.optionalString (cfg.webserver == "nginx") ''
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
''}
${lib.optionalString (cfg.webserver == "nginx") ''
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
''}
## The URL path to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
## The URL path to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
## UPO means: this is also a user preference option
## UPO means: this is also a user preference option
$wgEnableEmail = true;
$wgEnableUserEmail = true; # UPO
$wgEnableEmail = true;
$wgEnableUserEmail = true; # UPO
$wgPasswordSender = "${cfg.passwordSender}";
$wgPasswordSender = "${cfg.passwordSender}";
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;
## Database settings
$wgDBtype = "${cfg.database.type}";
$wgDBserver = "${dbAddr}";
$wgDBport = "${toString cfg.database.port}";
$wgDBname = "${cfg.database.name}";
$wgDBuser = "${cfg.database.user}";
${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"}
## Database settings
$wgDBtype = "${cfg.database.type}";
$wgDBserver = "${dbAddr}";
$wgDBport = "${toString cfg.database.port}";
$wgDBname = "${cfg.database.name}";
$wgDBuser = "${cfg.database.user}";
${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"}
${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) ''
# MySQL specific settings
$wgDBprefix = "${cfg.database.tablePrefix}";
''}
${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) ''
# MySQL specific settings
$wgDBprefix = "${cfg.database.tablePrefix}";
''}
${optionalString (cfg.database.type == "mysql") ''
# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
''}
${optionalString (cfg.database.type == "mysql") ''
# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
''}
## Shared memory settings
$wgMainCacheType = CACHE_NONE;
$wgMemCachedServers = [];
## Shared memory settings
$wgMainCacheType = CACHE_NONE;
$wgMemCachedServers = [];
${optionalString (cfg.uploadsDir != null) ''
$wgEnableUploads = true;
$wgUploadDirectory = "${cfg.uploadsDir}";
''}
${optionalString (cfg.uploadsDir != null) ''
$wgEnableUploads = true;
$wgUploadDirectory = "${cfg.uploadsDir}";
''}
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert";
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert";
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = false;
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = false;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = true;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = true;
## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "C.UTF-8";
## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "C.UTF-8";
## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
$wgCacheDirectory = "${cacheDir}";
## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
$wgCacheDirectory = "${cacheDir}";
# Site language code, should be one of the list in ./languages/data/Names.php
$wgLanguageCode = "en";
# Site language code, should be one of the list in ./languages/data/Names.php
$wgLanguageCode = "en";
$wgSecretKey = file_get_contents("${stateDir}/secret.key");
$wgSecretKey = file_get_contents("${stateDir}/secret.key");
# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "";
# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";
# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff = "${pkgs.diffutils}/bin/diff";
$wgDiff3 = "${pkgs.diffutils}/bin/diff3";
# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff = "${pkgs.diffutils}/bin/diff";
$wgDiff3 = "${pkgs.diffutils}/bin/diff3";
# Enabled skins.
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)}
# Enabled skins.
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)}
# Enabled extensions.
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)}
# Enabled extensions.
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)}
# End of automatically generated settings.
# Add more configuration options below.
# End of automatically generated settings.
# Add more configuration options below.
${cfg.extraConfig}
'';
};
${cfg.extraConfig}
'';
withTrailingSlash = str: if lib.hasSuffix "/" str then str else "${str}/";
in
nixos/modules/services/web-apps/onlyoffice.nix
+30 -28
View File
@@ -1,22 +1,24 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.onlyoffice;
in
{
options.services.onlyoffice = {
enable = lib.mkEnableOption "OnlyOffice DocumentServer";
enable = mkEnableOption "OnlyOffice DocumentServer";
enableExampleServer = lib.mkEnableOption "OnlyOffice example server";
enableExampleServer = mkEnableOption "OnlyOffice example server";
hostname = lib.mkOption {
type = lib.types.str;
hostname = mkOption {
type = types.str;
default = "localhost";
description = "FQDN for the OnlyOffice instance.";
description = "FQDN for the onlyoffice instance.";
};
jwtSecretFile = lib.mkOption {
type = lib.types.nullOr lib.types.str;
jwtSecretFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Path to a file that contains the secret to sign web requests using JSON Web Tokens.
@@ -24,34 +26,34 @@ in
'';
};
package = lib.mkPackageOption pkgs "onlyoffice-documentserver" { };
package = mkPackageOption pkgs "onlyoffice-documentserver" { };
port = lib.mkOption {
type = lib.types.port;
port = mkOption {
type = types.port;
default = 8000;
description = "Port the OnlyOffice document server should listen on.";
description = "Port the OnlyOffice DocumentServer should listens on.";
};
examplePort = lib.mkOption {
type = lib.types.port;
examplePort = mkOption {
type = types.port;
default = null;
description = "Port the OnlyOffice example server should listen on.";
description = "Port the OnlyOffice Example server should listens on.";
};
postgresHost = lib.mkOption {
type = lib.types.str;
postgresHost = mkOption {
type = types.str;
default = "/run/postgresql";
description = "The Postgresql hostname or socket path OnlyOffice should connect to.";
};
postgresName = lib.mkOption {
type = lib.types.str;
postgresName = mkOption {
type = types.str;
default = "onlyoffice";
description = "The name of database OnlyOffice should use.";
description = "The name of database OnlyOffice should user.";
};
postgresPasswordFile = lib.mkOption {
type = lib.types.nullOr lib.types.str;
postgresPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Path to a file that contains the password OnlyOffice should use to connect to Postgresql.
@@ -59,8 +61,8 @@ in
'';
};
postgresUser = lib.mkOption {
type = lib.types.str;
postgresUser = mkOption {
type = types.str;
default = "onlyoffice";
description = ''
The username OnlyOffice should use to connect to Postgresql.
@@ -68,8 +70,8 @@ in
'';
};
rabbitmqUrl = lib.mkOption {
type = lib.types.str;
rabbitmqUrl = mkOption {
type = types.str;
default = "amqp://guest:guest@localhost:5672";
description = "The Rabbitmq in amqp URI style OnlyOffice should connect to.";
};
@@ -78,10 +80,10 @@ in
config = lib.mkIf cfg.enable {
services = {
nginx = {
enable = lib.mkDefault true;
enable = mkDefault true;
# misses text/csv, font/ttf, application/x-font-ttf, application/rtf, application/wasm
recommendedGzipSettings = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedGzipSettings = mkDefault true;
recommendedProxySettings = mkDefault true;
upstreams = {
# /etc/nginx/includes/http-common.conf
nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
+35 -58
View File
@@ -12,7 +12,7 @@ import subprocess
import sys
import warnings
import json
from typing import NamedTuple, Any
from typing import NamedTuple, Dict, List
from dataclasses import dataclass
# These values will be replaced with actual values during the package build
@@ -21,7 +21,7 @@ BOOT_MOUNT_POINT = "@bootMountPoint@"
LOADER_CONF = f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf" # Always stored on the ESP
NIXOS_DIR = "@nixosDir@"
TIMEOUT = "@timeout@"
EDITOR = "@editor@" == "1" # noqa: PLR0133
EDITOR = "@editor@" == "1"
CONSOLE_MODE = "@consoleMode@"
BOOTSPEC_TOOLS = "@bootspecTools@"
DISTRO_NAME = "@distroName@"
@@ -38,22 +38,17 @@ class BootSpec:
init: str
initrd: str
kernel: str
kernelParams: list[str] # noqa: N815
kernelParams: List[str]
label: str
system: str
toplevel: str
specialisations: dict[str, "BootSpec"]
sortKey: str # noqa: N815
initrdSecrets: str | None = None # noqa: N815
specialisations: Dict[str, "BootSpec"]
sortKey: str
initrdSecrets: str | None = None
libc = ctypes.CDLL("libc.so.6")
FILE = None | int
def run(cmd: list[str], stdout: FILE = None) -> subprocess.CompletedProcess[str]:
return subprocess.run(cmd, check=True, text=True, stdout=stdout)
class SystemIdentifier(NamedTuple):
profile: str | None
generation: int
@@ -117,20 +112,17 @@ def get_bootspec(profile: str | None, generation: int) -> BootSpec:
boot_json_f = open(boot_json_path, 'r')
bootspec_json = json.load(boot_json_f)
else:
boot_json_str = run(
[
f"{BOOTSPEC_TOOLS}/bin/synthesize",
"--version",
"1",
system_directory,
"/dev/stdout",
],
stdout=subprocess.PIPE,
).stdout
boot_json_str = subprocess.check_output([
f"{BOOTSPEC_TOOLS}/bin/synthesize",
"--version",
"1",
system_directory,
"/dev/stdout"],
universal_newlines=True)
bootspec_json = json.loads(boot_json_str)
return bootspec_from_json(bootspec_json)
def bootspec_from_json(bootspec_json: dict[str, Any]) -> BootSpec:
def bootspec_from_json(bootspec_json: Dict) -> BootSpec:
specialisations = bootspec_json['org.nixos.specialisation.v1']
specialisations = {k: bootspec_from_json(v) for k, v in specialisations.items()}
systemdBootExtension = bootspec_json.get('org.nixos.systemd-boot', {})
@@ -165,7 +157,7 @@ def write_entry(profile: str | None, generation: int, specialisation: str | None
try:
if bootspec.initrdSecrets is not None:
run([bootspec.initrdSecrets, f"{BOOT_MOUNT_POINT}%s" % (initrd)])
subprocess.check_call([bootspec.initrdSecrets, f"{BOOT_MOUNT_POINT}%s" % (initrd)])
except subprocess.CalledProcessError:
if current:
print("failed to create initrd secrets!", file=sys.stderr)
@@ -200,17 +192,13 @@ def write_entry(profile: str | None, generation: int, specialisation: str | None
def get_generations(profile: str | None = None) -> list[SystemIdentifier]:
gen_list = run(
[
f"{NIX}/bin/nix-env",
"--list-generations",
"-p",
"/nix/var/nix/profiles/%s"
% ("system-profiles/" + profile if profile else "system"),
],
stdout=subprocess.PIPE,
).stdout
gen_lines = gen_list.split("\n")
gen_list = subprocess.check_output([
f"{NIX}/bin/nix-env",
"--list-generations",
"-p",
"/nix/var/nix/profiles/%s" % ("system-profiles/" + profile if profile else "system")],
universal_newlines=True)
gen_lines = gen_list.split('\n')
gen_lines.pop()
configurationLimit = CONFIGURATION_LIMIT
@@ -226,8 +214,8 @@ def get_generations(profile: str | None = None) -> list[SystemIdentifier]:
def remove_old_entries(gens: list[SystemIdentifier]) -> None:
rex_profile = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + r"/loader/entries/nixos-(.*)-generation-.*\.conf$")
rex_generation = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + r"/loader/entries/nixos.*-generation-([0-9]+)(-specialisation-.*)?\.conf$")
rex_profile = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + "/loader/entries/nixos-(.*)-generation-.*\.conf$")
rex_generation = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + "/loader/entries/nixos.*-generation-([0-9]+)(-specialisation-.*)?\.conf$")
known_paths = []
for gen in gens:
bootspec = get_bootspec(gen.profile, gen.generation)
@@ -242,10 +230,10 @@ def remove_old_entries(gens: list[SystemIdentifier]) -> None:
gen_number = int(rex_generation.sub(r"\1", path))
except ValueError:
continue
if (prof, gen_number, None) not in gens:
if not (prof, gen_number, None) in gens:
os.unlink(path)
for path in glob.iglob(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}/*"):
if path not in known_paths and not os.path.isdir(path):
if not path in known_paths and not os.path.isdir(path):
os.unlink(path)
@@ -275,7 +263,9 @@ def install_bootloader(args: argparse.Namespace) -> None:
# be there on newly installed systems, so let's generate one so that
# bootctl can find it and we can also pass it to write_entry() later.
cmd = [f"{SYSTEMD}/bin/systemd-machine-id-setup", "--print"]
machine_id = run(cmd, stdout=subprocess.PIPE).stdout.rstrip()
machine_id = subprocess.run(
cmd, text=True, check=True, stdout=subprocess.PIPE
).stdout.rstrip()
if os.getenv("NIXOS_INSTALL_GRUB") == "1":
warnings.warn("NIXOS_INSTALL_GRUB env var deprecated, use NIXOS_INSTALL_BOOTLOADER", DeprecationWarning)
@@ -298,20 +288,11 @@ def install_bootloader(args: argparse.Namespace) -> None:
if os.path.exists(LOADER_CONF):
os.unlink(LOADER_CONF)
run(
[f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}"]
+ bootctl_flags
+ ["install"]
)
subprocess.check_call([f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}"] + bootctl_flags + ["install"])
else:
# Update bootloader to latest if needed
available_out = run(
[f"{SYSTEMD}/bin/bootctl", "--version"], stdout=subprocess.PIPE
).stdout.split()[2]
installed_out = run(
[f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}", "status"],
stdout=subprocess.PIPE,
).stdout
available_out = subprocess.check_output([f"{SYSTEMD}/bin/bootctl", "--version"], universal_newlines=True).split()[2]
installed_out = subprocess.check_output([f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}", "status"], universal_newlines=True)
# See status_binaries() in systemd bootctl.c for code which generates this
installed_match = re.search(r"^\W+File:.*/EFI/(?:BOOT|systemd)/.*\.efi \(systemd-boot ([\d.]+[^)]*)\)$",
@@ -330,11 +311,7 @@ def install_bootloader(args: argparse.Namespace) -> None:
if installed_version < available_version:
print("updating systemd-boot from %s to %s" % (installed_version, available_version))
run(
[f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}"]
+ bootctl_flags
+ ["update"]
)
subprocess.check_call([f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}"] + bootctl_flags + ["update"])
os.makedirs(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}", exist_ok=True)
os.makedirs(f"{BOOT_MOUNT_POINT}/loader/entries", exist_ok=True)
@@ -385,7 +362,7 @@ def install_bootloader(args: argparse.Namespace) -> None:
os.makedirs(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}/.extra-files", exist_ok=True)
run([COPY_EXTRA_FILES])
subprocess.check_call(COPY_EXTRA_FILES)
def main() -> None:
@@ -393,7 +370,7 @@ def main() -> None:
parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help=f"The default {DISTRO_NAME} config to boot")
args = parser.parse_args()
run([CHECK_MOUNTPOINTS])
subprocess.check_call(CHECK_MOUNTPOINTS)
try:
install_bootloader(args)
nixos/release-small.nix
-2
View File
@@ -78,7 +78,6 @@ in rec {
nginx
nodejs
openssh
opensshTest
php
postgresql
python
@@ -140,7 +139,6 @@ in rec {
"nixos.tests.simple"
"nixpkgs.jdk"
"nixpkgs.tests-stdenv-gcc-stageCompare"
"nixpkgs.opensshTest"
])
];
};
nixos/tests/all-tests.nix
-5
View File
@@ -323,7 +323,6 @@ in {
firefox-devedition = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-devedition; };
firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job
firefox-esr-115 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-115; };
firefox-esr-128 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-128; };
firefoxpwa = handleTest ./firefoxpwa.nix {};
firejail = handleTest ./firejail.nix {};
firewall = handleTest ./firewall.nix { nftables = false; };
@@ -364,7 +363,6 @@ in {
gitlab = runTest ./gitlab.nix;
gitolite = handleTest ./gitolite.nix {};
gitolite-fcgiwrap = handleTest ./gitolite-fcgiwrap.nix {};
glance = runTest ./glance.nix;
glusterfs = handleTest ./glusterfs.nix {};
gnome = handleTest ./gnome.nix {};
gnome-extensions = handleTest ./gnome-extensions.nix {};
@@ -526,8 +524,6 @@ in {
lxd-image-server = handleTest ./lxd-image-server.nix {};
#logstash = handleTest ./logstash.nix {};
lomiri = handleTest ./lomiri.nix {};
lomiri-calculator-app = runTest ./lomiri-calculator-app.nix;
lomiri-clock-app = runTest ./lomiri-clock-app.nix;
lomiri-filemanager-app = runTest ./lomiri-filemanager-app.nix;
lomiri-system-settings = handleTest ./lomiri-system-settings.nix {};
lorri = handleTest ./lorri/default.nix {};
@@ -811,7 +807,6 @@ in {
ragnarwm = handleTest ./ragnarwm.nix {};
rasdaemon = handleTest ./rasdaemon.nix {};
readarr = handleTest ./readarr.nix {};
realm = handleTest ./realm.nix {};
redis = handleTest ./redis.nix {};
redlib = handleTest ./redlib.nix {};
redmine = handleTest ./redmine.nix {};
nixos/tests/ayatana-indicators.nix
+1 -1
View File
@@ -35,7 +35,7 @@ in {
ayatana-indicator-sound
] ++ (with pkgs.lomiri; [
lomiri-indicator-network
telephony-service
# telephony-service # currently broken: https://github.com/NixOS/nixpkgs/pull/314043
]);
};
nixos/tests/glance.nix
-36
View File
@@ -1,36 +0,0 @@
{ lib, ... }:
{
name = "glance";
nodes = {
machine_default =
{ pkgs, ... }:
{
services.glance = {
enable = true;
};
};
machine_custom_port =
{ pkgs, ... }:
{
services.glance = {
enable = true;
settings.server.port = 5678;
};
};
};
testScript = ''
machine_default.start()
machine_default.wait_for_unit("glance.service")
machine_default.wait_for_open_port(8080)
machine_custom_port.start()
machine_custom_port.wait_for_unit("glance.service")
machine_custom_port.wait_for_open_port(5678)
'';
meta.maintainers = [ lib.maintainers.drupol ];
}
nixos/tests/lomiri-calculator-app.nix
-59
View File
@@ -1,59 +0,0 @@
{ pkgs, lib, ... }:
{
name = "lomiri-calculator-app-standalone";
meta.maintainers = lib.teams.lomiri.members;
nodes.machine =
{ config, pkgs, ... }:
{
imports = [ ./common/x11.nix ];
services.xserver.enable = true;
environment = {
systemPackages = with pkgs.lomiri; [
suru-icon-theme
lomiri-calculator-app
];
variables = {
UITK_ICON_THEME = "suru";
};
};
i18n.supportedLocales = [ "all" ];
fonts.packages = with pkgs; [
# Intended font & helps with OCR
ubuntu_font_family
];
};
enableOCR = true;
testScript = ''
machine.wait_for_x()
with subtest("lomiri calculator launches"):
machine.execute("lomiri-calculator-app >&2 &")
machine.wait_for_text("Calculator")
machine.screenshot("lomiri-calculator")
with subtest("lomiri calculator works"):
machine.send_key("tab") # Fix focus
machine.send_chars("22*16\n")
machine.wait_for_text("352")
machine.screenshot("lomiri-calculator_caninfactdobasicmath")
machine.succeed("pkill -f lomiri-calculator-app")
with subtest("lomiri calculator localisation works"):
machine.execute("env LANG=de_DE.UTF-8 lomiri-calculator-app >&2 &")
machine.wait_for_text("Rechner")
machine.screenshot("lomiri-calculator_localised")
# History of previous run should have loaded
with subtest("lomiri calculator history works"):
machine.wait_for_text("352")
'';
}
nixos/tests/lomiri-clock-app.nix
-48
View File
@@ -1,48 +0,0 @@
{ pkgs, lib, ... }:
{
name = "lomiri-clock-app-standalone";
meta.maintainers = lib.teams.lomiri.members;
nodes.machine =
{ config, pkgs, ... }:
{
imports = [ ./common/x11.nix ];
services.xserver.enable = true;
environment = {
systemPackages = with pkgs.lomiri; [
suru-icon-theme
lomiri-clock-app
];
variables = {
UITK_ICON_THEME = "suru";
};
};
i18n.supportedLocales = [ "all" ];
fonts.packages = with pkgs; [
# Intended font & helps with OCR
ubuntu_font_family
];
};
enableOCR = true;
testScript = ''
machine.wait_for_x()
with subtest("lomiri clock launches"):
machine.execute("lomiri-clock-app >&2 &")
machine.wait_for_text(r"(clock.ubports|City|Alarms)")
machine.screenshot("lomiri-clock_open")
machine.succeed("pkill -f lomiri-clock-app")
with subtest("lomiri clock localisation works"):
machine.execute("env LANG=de_DE.UTF-8 lomiri-clock-app >&2 &")
machine.wait_for_text(r"(Stadt|Weckzeiten)")
machine.screenshot("lomiri-clock_localised")
'';
}
nixos/tests/lorri/default.nix
+3 -3
View File
@@ -17,12 +17,12 @@ import ../make-test-python.nix {
# Start the daemon and wait until it is ready
machine.execute("lorri daemon > lorri.stdout 2> lorri.stderr &")
machine.wait_until_succeeds("grep --fixed-strings 'ready' lorri.stderr")
machine.wait_until_succeeds("grep --fixed-strings 'ready' lorri.stdout")
# Ping the daemon
machine.succeed("lorri internal ping --shell-file shell.nix")
machine.succeed("lorri internal ping shell.nix")
# Wait for the daemon to finish the build
machine.wait_until_succeeds("grep --fixed-strings 'Completed' lorri.stderr")
machine.wait_until_succeeds("grep --fixed-strings 'Completed' lorri.stdout")
'';
}
nixos/tests/nzbhydra2.nix
+1 -1
View File
@@ -1,7 +1,7 @@
import ./make-test-python.nix ({ lib, ... }:
{
name = "nzbhydra2";
meta.maintainers = with lib.maintainers; [ matteopacini ];
meta.maintainers = with lib.maintainers; [ jamiemagee ];
nodes.machine = { pkgs, ... }: { services.nzbhydra2.enable = true; };
nixos/tests/prometheus-exporters.nix
-28
View File
@@ -209,34 +209,6 @@ let
'';
};
deluge = {
exporterConfig = {
enable = true;
port = 1234;
listenAddress = "127.0.0.1";
delugeUser = "user";
delugePort = 2345;
delugePasswordFile = pkgs.writeText "password" "weak_password";
};
metricProvider = {
services.deluge.enable = true;
services.deluge.declarative = true;
services.deluge.config.daemon_port = 2345;
services.deluge.authFile = pkgs.writeText "authFile" ''
localclient:abcdef:10
user:weak_password:10
'';
};
exporterTest = ''
wait_for_unit("deluged.service")
wait_for_open_port(2345)
wait_for_unit("prometheus-deluge-exporter.service")
wait_for_open_port(1234)
succeed("curl -sSf http://localhost:1234 | grep 'deluge_torrents'")
'';
};
dnsmasq = {
exporterConfig = {
enable = true;
nixos/tests/prometheus/alertmanager.nix
-4
View File
@@ -144,9 +144,5 @@ import ../make-test-python.nix ({ lib, pkgs, ... }:
logger.wait_until_succeeds(
"journalctl -o cat -u alertmanager-webhook-logger.service | grep '\"alertname\":\"InstanceDown\"'"
)
logger.log(logger.succeed("systemd-analyze security alertmanager-webhook-logger.service | grep -v ''"))
alertmanager.log(alertmanager.succeed("systemd-analyze security alertmanager.service | grep -v ''"))
'';
})
nixos/tests/prometheus/pushgateway.nix
-2
View File
@@ -90,7 +90,5 @@ import ../make-test-python.nix ({ lib, pkgs, ... }:
"curl -sf 'http://127.0.0.1:9090/api/v1/query?query=absent(some_metric)' | "
+ "jq '.data.result[0].value[1]' | grep '\"1\"'"
)
pushgateway.log(pushgateway.succeed("systemd-analyze security pushgateway.service | grep -v ''"))
'';
})
nixos/tests/realm.nix
-39
View File
@@ -1,39 +0,0 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "realm";
meta = {
maintainers = with lib.maintainers; [ ocfox ];
};
nodes.machine = { pkgs, ... }: {
services.nginx = {
enable = true;
statusPage = true;
};
# realm need DNS resolv server to run or use config.dns.nameserver
services.resolved.enable = true;
services.realm = {
enable = true;
config = {
endpoints = [
{
listen = "0.0.0.0:1000";
remote = "127.0.0.1:80";
}
];
};
};
};
testScript = ''
machine.wait_for_unit("nginx.service")
machine.wait_for_unit("realm.service")
machine.wait_for_open_port(80)
machine.wait_for_open_port(1000)
machine.succeed("curl --fail http://localhost:1000/")
'';
})
nixos/tests/systemd-boot-ovmf-broken-fat-driver.patch
+25
View File
@@ -0,0 +1,25 @@
From d87a7513c6f2f2824203032ef27caeb84892ed7e Mon Sep 17 00:00:00 2001
From: Will Fancher <elvishjerricco@gmail.com>
Date: Tue, 30 May 2023 16:53:20 -0400
Subject: [PATCH] Intentionally break the fat driver
---
FatPkg/EnhancedFatDxe/ReadWrite.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/FatPkg/EnhancedFatDxe/ReadWrite.c b/FatPkg/EnhancedFatDxe/ReadWrite.c
index 8f525044d1f1..32c62ff7817b 100644
--- a/FatPkg/EnhancedFatDxe/ReadWrite.c
+++ b/FatPkg/EnhancedFatDxe/ReadWrite.c
@@ -216,6 +216,11 @@ FatIFileAccess (
Volume = OFile->Volume;
Task = NULL;
+ if (*BufferSize > (10U * 1024U * 1024U)) {
+ IFile->Position += 10U * 1024U * 1024U;
+ return EFI_BAD_BUFFER_SIZE;
+ }
+
//
// Write to a directory is unsupported
//
nixos/tests/systemd-boot.nix
+32 -6
View File
@@ -239,7 +239,7 @@ in
memtest86 = makeTest {
name = "systemd-boot-memtest86";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
meta.maintainers = with pkgs.lib.maintainers; [ Enzime julienmalka ];
nodes.machine = { pkgs, lib, ... }: {
imports = [ common ];
@@ -254,7 +254,7 @@ in
netbootxyz = makeTest {
name = "systemd-boot-netbootxyz";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
meta.maintainers = with pkgs.lib.maintainers; [ Enzime julienmalka ];
nodes.machine = { pkgs, lib, ... }: {
imports = [ common ];
@@ -269,7 +269,7 @@ in
memtestSortKey = makeTest {
name = "systemd-boot-memtest-sortkey";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
meta.maintainers = with pkgs.lib.maintainers; [ Enzime julienmalka ];
nodes.machine = { pkgs, lib, ... }: {
imports = [ common ];
@@ -307,7 +307,7 @@ in
extraEntries = makeTest {
name = "systemd-boot-extra-entries";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
meta.maintainers = with pkgs.lib.maintainers; [ Enzime julienmalka ];
nodes.machine = { pkgs, lib, ... }: {
imports = [ common ];
@@ -326,7 +326,7 @@ in
extraFiles = makeTest {
name = "systemd-boot-extra-files";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
meta.maintainers = with pkgs.lib.maintainers; [ Enzime julienmalka ];
nodes.machine = { pkgs, lib, ... }: {
imports = [ common ];
@@ -343,7 +343,7 @@ in
switch-test = makeTest {
name = "systemd-boot-switch-test";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
meta.maintainers = with pkgs.lib.maintainers; [ Enzime julienmalka ];
nodes = {
inherit common;
@@ -428,6 +428,32 @@ in
'';
};
# Some UEFI firmwares fail on large reads. Now that systemd-boot loads initrd
# itself, systems with such firmware won't boot without this fix
uefiLargeFileWorkaround = makeTest {
name = "uefi-large-file-workaround";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
nodes.machine = { pkgs, ... }: {
imports = [common];
virtualisation.efi.OVMF = pkgs.OVMF.overrideAttrs (old: {
# This patch deliberately breaks the FAT driver in EDK2 to
# exhibit (part of) the firmware bug that we are testing
# for. Files greater than 10MiB will fail to be read in a
# single Read() call, so systemd-boot will fail to load the
# initrd without a workaround. The number 10MiB was chosen
# because if it were smaller than the kernel size, even the
# LoadImage call would fail, which is not the failure mode
# we're testing for. It needs to be between the kernel size
# and the initrd size.
patches = old.patches or [] ++ [ ./systemd-boot-ovmf-broken-fat-driver.patch ];
});
};
testScript = ''
machine.wait_for_unit("multi-user.target")
'';
};
no-bootspec = makeTest
{
name = "systemd-boot-no-bootspec";
nixos/tests/systemd-homed.nix
+2 -2
View File
@@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
password = "foobarfoo";
newPass = "barfoobar";
password = "foobar";
newPass = "barfoo";
in
{
name = "systemd-homed";
nixos/tests/user-home-mode.nix
-8
View File
@@ -12,12 +12,6 @@ import ./make-test-python.nix ({ lib, ... }: {
isNormalUser = true;
homeMode = "750";
};
users.users.carol = {
initialPassword = "pass3";
isNormalUser = true;
createHome = true;
home = "/users/carol";
};
};
testScript = ''
@@ -29,7 +23,5 @@ import ./make-test-python.nix ({ lib, ... }: {
machine.send_chars("pass1\n")
machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]')
machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]')
machine.succeed('[ "$(stat -c %a /users)" == "755" ]')
machine.succeed('[ "$(stat -c %a /users/carol)" == "700" ]')
'';
})
nixos/tests/vaultwarden.nix
+1
View File
@@ -209,6 +209,7 @@ builtins.mapAttrs (k: v: makeVaultwardenTest k v) {
server.succeed('[ -f "/var/lib/vaultwarden/backups/db.sqlite3" ]')
server.succeed('[ -d "/var/lib/vaultwarden/backups/attachments" ]')
server.succeed('[ -f "/var/lib/vaultwarden/backups/rsa_key.pem" ]')
server.succeed('[ -f "/var/lib/vaultwarden/backups/rsa_key.pub.pem" ]')
# Ensure only the db backed up with the backup command exists and not the other db files.
server.succeed('[ ! -f "/var/lib/vaultwarden/backups/db.sqlite3-shm" ]')
'';
nixos/tests/vscode-remote-ssh.nix
+1 -1
View File
@@ -14,7 +14,7 @@ import ./make-test-python.nix ({ lib, ... }@args: let
inherit (pkgs.vscode.passthru) rev vscodeServer;
in {
name = "vscode-remote-ssh";
meta.maintainers = with lib.maintainers; [ ];
meta.maintainers = with lib.maintainers; [ Enzime ];
nodes = let
serverAddress = "192.168.0.2";
pkgs/applications/audio/audacious/default.nix
+12 -18
View File
@@ -1,28 +1,26 @@
{ lib
, stdenv
, audacious-plugins
, fetchFromGitHub
, fetchurl
, gettext
, meson
, ninja
, pkg-config
, qtbase
, qtsvg
, qtwayland
, wrapQtAppsHook
}:
stdenv.mkDerivation rec {
pname = "audacious";
version = "4.4";
version = "4.3.1";
src = fetchFromGitHub {
owner = "audacious-media-player";
repo = "audacious";
rev = "${pname}-${version}";
hash = "sha256-qAJztvNI3uGmQfECJJ7tJ/xLLgMU5OiW0O3ZSJhvt0k=";
src = fetchurl {
url = "http://distfiles.audacious-media-player.org/audacious-${version}.tar.bz2";
sha256 = "sha256-heniaEFQW1HjQu5yotBfGb74lPVnoCnrs/Pgwa20IEI=";
};
nativeBuildInputs = [
gettext
meson
ninja
pkg-config
@@ -31,8 +29,6 @@ stdenv.mkDerivation rec {
buildInputs = [
qtbase
qtsvg
qtwayland
];
mesonFlags = [
@@ -45,14 +41,12 @@ stdenv.mkDerivation rec {
ln -s ${audacious-plugins}/share/audacious/Skins $out/share/audacious/
'';
meta = {
meta = with lib; {
description = "Lightweight and versatile audio player";
homepage = "https://audacious-media-player.org";
downloadPage = "https://github.com/audacious-media-player/audacious";
mainProgram = "audacious";
maintainers = with lib.maintainers; [ eelco ramkromberg ttuegel thiagokokada ];
platforms = lib.platforms.linux;
license = with lib.licenses; [
homepage = "https://audacious-media-player.org/";
maintainers = with maintainers; [ eelco ramkromberg ttuegel thiagokokada ];
platforms = with platforms; linux;
license = with licenses; [
bsd2
bsd3 #https://github.com/audacious-media-player/audacious/blob/master/COPYING
gpl2
pkgs/applications/audio/audacious/plugins.nix
+9 -10
View File
@@ -1,5 +1,5 @@
{ stdenv
, fetchFromGitHub
, fetchurl
, alsa-lib
, audacious
, curl
@@ -8,6 +8,7 @@
, flac
, fluidsynth
, gdk-pixbuf
, gettext
, lame
, libbs2b
, libcddb
@@ -38,7 +39,7 @@
, pipewire
, qtbase
, qtmultimedia
, qtwayland
, qtx11extras
, soxr
, vgmstream
, wavpack
@@ -46,18 +47,17 @@
stdenv.mkDerivation rec {
pname = "audacious-plugins";
version = "4.4";
version = "4.3.1";
src = fetchFromGitHub {
owner = "audacious-media-player";
repo = "audacious-plugins";
rev = "${pname}-${version}";
hash = "sha256-J9jgBl8J4W9Yvrlg1KlzYgGTmdxUZM9L11rCftKFSlE=";
src = fetchurl {
url = "http://distfiles.audacious-media-player.org/audacious-plugins-${version}.tar.bz2";
sha256 = "sha256-Leom469YOi1oTfJAsnsrKTK81lPfTbUAqF9P5dX9yKY=";
};
patches = [ ./0001-Set-plugindir-to-PREFIX-lib-audacious.patch ];
nativeBuildInputs = [
gettext
meson
ninja
pkg-config
@@ -98,7 +98,7 @@ stdenv.mkDerivation rec {
pipewire
qtbase
qtmultimedia
qtwayland
qtx11extras
soxr
wavpack
libopenmpt
@@ -116,6 +116,5 @@ stdenv.mkDerivation rec {
meta = audacious.meta // {
description = "Plugins for Audacious music player";
downloadPage = "https://github.com/audacious-media-player/audacious-plugins";
};
}
pkgs/by-name/ea/easyeffects/package.nix → pkgs/applications/audio/easyeffects/default.nix
+47 -57
View File
@@ -1,59 +1,53 @@
{
lib,
stdenv,
fetchFromGitHub,
appstream-glib,
calf,
deepfilternet,
desktop-file-utils,
fftw,
fftwFloat,
fmt_9,
glib,
gsl,
gtk4,
itstool,
ladspaH,
libadwaita,
libbs2b,
libebur128,
libportal-gtk4,
libsamplerate,
libsigcxx30,
libsndfile,
lilv,
lsp-plugins,
lv2,
mda_lv2,
meson,
ninja,
nix-update-script,
nlohmann_json,
pipewire,
pkg-config,
rnnoise,
rubberband,
speexdsp,
soundtouch,
tbb,
wrapGAppsHook4,
zam-plugins,
zita-convolver,
{ lib
, stdenv
, appstream-glib
, desktop-file-utils
, deepfilternet
, fetchFromGitHub
, calf
, fftw
, fftwFloat
, fmt_9
, glib
, gsl
, gtk4
, itstool
, ladspaH
, libadwaita
, libbs2b
, libebur128
, libportal-gtk4
, libsamplerate
, libsigcxx30
, libsndfile
, lilv
, lsp-plugins
, lv2
, mda_lv2
, meson
, ninja
, nlohmann_json
, pipewire
, pkg-config
, rnnoise
, rubberband
, speexdsp
, soundtouch
, tbb
, wrapGAppsHook4
, zam-plugins
, zita-convolver
}:
let
# Fix crashes with speexdsp effects
speexdsp' = speexdsp.override { withFftw3 = false; };
in
stdenv.mkDerivation rec {
pname = "easyeffects";
version = "7.1.7";
version = "7.1.6";
src = fetchFromGitHub {
owner = "wwmm";
repo = "easyeffects";
rev = "v${version}";
hash = "sha256-y7we7/MQWweAoZkM8SuHiOTVyWFj9/foufLYBum/KKc=";
hash = "sha256-NViRZHNgsweoD1YbyWYrRTZPKTCkKk3fGDLLYDD7JfA=";
};
nativeBuildInputs = [
@@ -89,7 +83,7 @@ stdenv.mkDerivation rec {
rnnoise
rubberband
soundtouch
speexdsp'
speexdsp
tbb
zita-convolver
];
@@ -116,17 +110,13 @@ stdenv.mkDerivation rec {
separateDebugInfo = true;
passthru = {
updateScript = nix-update-script { };
};
meta = {
meta = with lib; {
changelog = "https://github.com/wwmm/easyeffects/blob/v${version}/CHANGELOG.md";
description = "Audio effects for PipeWire applications";
homepage = "https://github.com/wwmm/easyeffects";
changelog = "https://github.com/wwmm/easyeffects/blob/v${version}/CHANGELOG.md";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ getchoo ];
license = licenses.gpl3Plus;
maintainers = with maintainers; [ ];
platforms = platforms.linux;
mainProgram = "easyeffects";
platforms = lib.platforms.linux;
};
}
pkgs/applications/audio/fdkaac/default.nix
+4 -4
View File
@@ -1,17 +1,17 @@
{ lib, stdenv, autoreconfHook, fetchFromGitHub, pkg-config, fdk_aac }:
{ lib, stdenv, autoreconfHook, fetchFromGitHub, fdk_aac }:
stdenv.mkDerivation rec {
pname = "fdkaac";
version = "1.0.6";
version = "1.0.5";
src = fetchFromGitHub {
owner = "nu774";
repo = pname;
rev = "v${version}";
hash = "sha256-nVVeYk7t4+n/BsOKs744stsvgJd+zNnbASk3bAgFTpk=";
sha256 = "sha256-GYvI9T5Bv2OcK0hMAQE7/tE6ajDyqkaak66b3Hc0Fls=";
};
nativeBuildInputs = [ autoreconfHook pkg-config ];
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ fdk_aac ];
pkgs/by-name/fr/friture/package.nix → pkgs/applications/audio/friture/default.nix
+12 -30
View File
@@ -1,38 +1,18 @@
{
lib,
fetchFromGitHub,
python3Packages,
qt5,
}:
{ lib, fetchFromGitHub, python3Packages, wrapQtAppsHook }:
python3Packages.buildPythonApplication rec {
pname = "friture";
version = "0.49-unstable-2024-06-02";
pyproject = true;
version = "0.49";
src = fetchFromGitHub {
owner = "tlecomte";
repo = pname;
rev = "405bffa585ece0cb535c32d0f4f6ace932b40103";
hash = "sha256-4xvIlRuJ7WCFj1dEyvO9UOsye70nFlWjb9XU0owwgiM=";
rev = "v${version}";
sha256 = "sha256-xKgyBV/Qc+9PgXyxcT0xG1GXLC6KnjavJ/0SUE+9VSY=";
};
pythonRelaxDeps = true;
postPatch = ''
sed -i -e '/packages=\[/a "friture.playback",' pyproject.toml
'';
nativeBuildInputs =
(with python3Packages; [
numpy
cython
scipy
setuptools
])
++ (with qt5; [ wrapQtAppsHook ]);
buildInputs = with qt5; [ qtquickcontrols2 ];
nativeBuildInputs = (with python3Packages; [ numpy cython scipy ]) ++
[ wrapQtAppsHook ];
propagatedBuildInputs = with python3Packages; [
sounddevice
@@ -46,6 +26,11 @@ python3Packages.buildPythonApplication rec {
rtmixer
];
postPatch = ''
# Remove version constraints from Python dependencies in setup.py
sed -i -E "s/\"([A-Za-z0-9]+)(=|>|<)=[0-9\.]+\"/\"\1\"/g" setup.py
'';
preFixup = ''
makeWrapperArgs+=("''${qtWrapperArgs[@]}")
'';
@@ -68,9 +53,6 @@ python3Packages.buildPythonApplication rec {
homepage = "https://friture.org/";
license = licenses.gpl3;
platforms = platforms.linux; # fails on Darwin
maintainers = with maintainers; [
laikq
alyaeanyx
];
maintainers = with maintainers; [ laikq alyaeanyx ];
};
}
pkgs/applications/audio/g4music/default.nix
+2 -2
View File
@@ -15,14 +15,14 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "g4music";
version = "3.7.2";
version = "3.6.2";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "neithern";
repo = "g4music";
rev = "v${finalAttrs.version}";
hash = "sha256-fG8OBAzdCdr3Yo8Vei93HlNa2TIL5gxWG+0jFYjSDZ8=";
hash = "sha256-yNKDTcLunTLhAtOBrjuycw0rrdCSwmhhVyBg3AfMUCQ=";
};
nativeBuildInputs = [
pkgs/applications/audio/indicator-sound-switcher/default.nix
+2 -1
View File
@@ -1,6 +1,7 @@
{ python3Packages
, lib
, fetchFromGitHub
, perlPackages
, gettext
, gtk3
, gobject-introspection
@@ -34,7 +35,6 @@ python3Packages.buildPythonApplication rec {
wrapGAppsHook3
glib
gdk-pixbuf
gobject-introspection
];
buildInputs = [
@@ -45,6 +45,7 @@ python3Packages.buildPythonApplication rec {
python3Packages.setuptools
python3Packages.pygobject3
gtk3
gobject-introspection
librsvg
libayatana-appindicator
libpulseaudio
pkgs/applications/audio/monkeys-audio/default.nix
+2 -2
View File
@@ -5,13 +5,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
version = "10.74";
version = "10.72";
pname = "monkeys-audio";
src = fetchzip {
url = "https://monkeysaudio.com/files/MAC_${
builtins.concatStringsSep "" (lib.strings.splitString "." finalAttrs.version)}_SDK.zip";
hash = "sha256-AxRADWS5Ka62NLj6IqX5uF39mPxoWy+zQZQ7A2+DM7Y=";
hash = "sha256-vtpQhCV1hkme69liTO13vz+kxpA3zJ+U1In/4z6qLbQ=";
stripRoot = false;
};
nativeBuildInputs = [
pkgs/applications/audio/mopidy/spotify.nix
+15 -42
View File
@@ -1,62 +1,35 @@
{
lib,
fetchFromGitHub,
pythonPackages,
mopidy,
nix-update-script,
}:
{ lib, fetchFromGitHub, pythonPackages, mopidy, unstableGitUpdater }:
pythonPackages.buildPythonApplication rec {
pname = "mopidy-spotify";
version = "5.0.0a2";
pyproject = true;
version = "4.1.1-unstable-2024-02-27";
src = fetchFromGitHub {
owner = "mopidy";
repo = "mopidy-spotify";
rev = "refs/tags/v${version}";
hash = "sha256-QeABG9rQKJ8sIoK38R74N0s5rRG+zws7AZR0xPysdcY=";
rev = "112d4abbb3f5b6477dab796f2824fa42196bfa0a";
hash = "sha256-RkXDzAbOOll3uCNZ2mFRnjqMkT/NkXOGjywLRTC9i60=";
};
build-system = [ pythonPackages.setuptools ];
dependencies = [
propagatedBuildInputs = [
mopidy
pythonPackages.pykka
pythonPackages.requests
pythonPackages.responses
];
optional-dependencies = {
lint = with pythonPackages; [
black
check-manifest
flake8
flake8-bugbear
isort
];
test = with pythonPackages; [
pytest
pytest-cov
responses
];
dev = optional-dependencies.lint ++ optional-dependencies.test ++ [ pythonPackages.tox ];
};
nativeCheckInputs = [ pythonPackages.pytestCheckHook ] ++ optional-dependencies.test;
nativeBuildInputs = [
pythonPackages.pytestCheckHook
];
pythonImportsCheck = [ "mopidy_spotify" ];
passthru = {
updateScript = nix-update-script { };
passthru.updateScript = unstableGitUpdater {
tagPrefix = "v";
};
meta = {
description = "Mopidy extension for playing music from Spotify";
meta = with lib; {
homepage = "https://github.com/mopidy/mopidy-spotify";
changelog = "https://github.com/mopidy/mopidy-spotify/releases/tag/v${version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ getchoo ];
description = "Mopidy extension for playing music from Spotify";
license = licenses.asl20;
maintainers = with maintainers; [ ];
};
}
pkgs/applications/audio/mopidy/youtube.nix
+18 -32
View File
@@ -1,10 +1,8 @@
{
lib,
fetchFromGitHub,
python3,
mopidy,
yt-dlp,
extraPkgs ? pkgs: [ ],
{ lib
, fetchFromGitHub
, python3
, mopidy
, extraPkgs ? pkgs: []
}:
python3.pkgs.buildPythonApplication rec {
@@ -19,36 +17,22 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-iFt7r8Ljymc+grNJiOClTHkZOeo7AcYpcNc8tLMPROk=";
};
propagatedBuildInputs =
with python3.pkgs;
[
beautifulsoup4
cachetools
pykka
requests
ytmusicapi
]
++ [
mopidy
yt-dlp
]
++ extraPkgs pkgs;
propagatedBuildInputs = with python3.pkgs; [
beautifulsoup4
cachetools
pykka
requests
youtube-dl
ytmusicapi
] ++ [
mopidy
] ++ extraPkgs pkgs;
nativeCheckInputs = with python3.pkgs; [
vcrpy
pytestCheckHook
];
postPatch = ''
substituteInPlace mopidy_youtube/youtube.py \
--replace-fail 'youtube_dl_package = "youtube_dl"' 'youtube_dl_package = "yt_dlp"'
substituteInPlace tests/conftest.py \
--replace-fail 'import youtube_dl' 'import yt_dlp' \
--replace-fail 'patcher = mock.patch.object(youtube, "youtube_dl", spec=youtube_dl)' \
'patcher = mock.patch.object(youtube, "youtube_dl", spec=yt_dlp)' \
--replace-fail '"youtube_dl_package": "youtube_dl",' '"youtube_dl_package": "yt_dlp",'
'';
disabledTests = [
# Test requires a YouTube API key
"test_get_default_config"
@@ -61,7 +45,9 @@ python3.pkgs.buildPythonApplication rec {
"tests/test_youtube.py"
];
pythonImportsCheck = [ "mopidy_youtube" ];
pythonImportsCheck = [
"mopidy_youtube"
];
meta = with lib; {
description = "Mopidy extension for playing music from YouTube";
pkgs/applications/audio/musikcube/default.nix
+94
View File
@@ -0,0 +1,94 @@
{ asio
, cmake
, curl
, fetchFromGitHub
, ffmpeg
, gnutls
, lame
, lib
, libev
, game-music-emu
, libmicrohttpd
, libopenmpt
, mpg123
, ncurses
, pkg-config
, portaudio
, stdenv
, taglib
# Linux Dependencies
, alsa-lib
, pipewireSupport ? !stdenv.hostPlatform.isDarwin, pipewire
, pulseaudio
, sndioSupport ? true, sndio
, systemd
, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd
# Darwin Dependencies
, Cocoa
, SystemConfiguration
, coreaudioSupport ? stdenv.hostPlatform.isDarwin, CoreAudio
}:
stdenv.mkDerivation rec {
pname = "musikcube";
version = "3.0.2";
src = fetchFromGitHub {
owner = "clangen";
repo = pname;
rev = version;
hash = "sha512-IakZy6XsAE39awjzQI+R11JCPeQSaibx6+uX8Iea5WdlCundeovnPwSAi6RzzZl9dr2UftzzEiF4Aun8VMtqVA==";
};
outputs = [ "out" "dev" ];
nativeBuildInputs = [
cmake
pkg-config
];
buildInputs = [
asio
curl
ffmpeg
gnutls
lame
libev
game-music-emu
libmicrohttpd
libopenmpt
mpg123
ncurses
portaudio
taglib
] ++ lib.optionals systemdSupport [
systemd
] ++ lib.optionals stdenv.isLinux [
alsa-lib pulseaudio
] ++ lib.optionals stdenv.isDarwin [
Cocoa SystemConfiguration
] ++ lib.optionals coreaudioSupport [
CoreAudio
] ++ lib.optionals sndioSupport [
sndio
] ++ lib.optionals pipewireSupport [
pipewire
];
cmakeFlags = [
"-DDISABLE_STRIP=true"
];
postFixup = lib.optionalString stdenv.isDarwin ''
install_name_tool -add_rpath $out/share/${pname} $out/share/${pname}/${pname}
install_name_tool -add_rpath $out/share/${pname} $out/share/${pname}/${pname}d
'';
meta = {
description = "Terminal-based music player, library, and streaming audio server";
homepage = "https://musikcube.com/";
maintainers = with lib.maintainers; [ aanderse afh ];
license = lib.licenses.bsd3;
platforms = lib.platforms.all;
};
}
pkgs/applications/audio/mympd/default.nix
+2 -2
View File
@@ -16,13 +16,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "mympd";
version = "16.0.1";
version = "16.0.0";
src = fetchFromGitHub {
owner = "jcorporation";
repo = "myMPD";
rev = "v${finalAttrs.version}";
sha256 = "sha256-MyVGWdc9ASWWW9CikK06bFYKi1DHyjFxFlMgBLdBwbU=";
sha256 = "sha256-LYD1qjSlwv9wGBrZUaYz6Zcvl2n6cLi2aGycr4ZJWdY=";
};
nativeBuildInputs = [
pkgs/applications/audio/picard/default.nix
+4 -7
View File
@@ -1,7 +1,5 @@
{ lib
# Python 3.12 demonstrates a peculiar segmentation fault with pyqt5. Using
# pyqt6 with Python 3.12 should work, but this is not released yet.
, python311Packages
, python3Packages
, fetchFromGitHub
, chromaprint
@@ -13,7 +11,7 @@
}:
let
pythonPackages = python311Packages;
pythonPackages = python3Packages;
pyqt5 =
if enablePlayback then
pythonPackages.pyqt5-multimedia
@@ -22,15 +20,14 @@ let
in
pythonPackages.buildPythonApplication rec {
pname = "picard";
# nix-update --commit picard --version-regex 'release-(.*)'
version = "2.12";
version = "2.11";
format = "setuptools";
src = fetchFromGitHub {
owner = "metabrainz";
repo = "picard";
rev = "refs/tags/release-${version}";
hash = "sha256-+++NDJzXw4tA5eQd24r+l3UK3YS8Jy1t9WNiEU9sH0Q=";
hash = "sha256-2RGKHJKJ/QXR6Rehch4r1UtI+frRXa4G+n0bUmCGSu8=";
};
nativeBuildInputs = [
pkgs/applications/audio/pt2-clone/default.nix
+2 -6
View File
@@ -22,13 +22,9 @@ stdenv.mkDerivation (finalAttrs: {
postInstall = ''
install -Dm444 "$src/release/other/Freedesktop.org Resources/ProTracker 2 clone.desktop" \
$out/share/applications/pt2-clone.desktop
-t $out/share/applications
install -Dm444 "$src/release/other/Freedesktop.org Resources/ProTracker 2 clone.png" \
$out/share/icons/hicolor/512x512/apps/pt2-clone.png
# gtk-update-icon-cache does not like whitespace. Note that removing this
# will not make the build fail, but it will make the NixOS test fail.
substituteInPlace $out/share/applications/pt2-clone.desktop \
--replace-fail "Icon=ProTracker 2 clone" Icon=pt2-clone
-t $out/share/icons/hicolor/512x512/apps
'';
passthru.tests = {
pkgs/applications/audio/reaper/default.nix
+4 -4
View File
@@ -28,13 +28,13 @@ let
in
stdenv.mkDerivation rec {
pname = "reaper";
version = "7.18";
version = "7.17";
src = fetchurl {
url = url_for_platform version stdenv.hostPlatform.qemuArch;
hash = if stdenv.isDarwin then "sha256-ETvWq+71G4v25F/iUjP7NWJ0QkPMKn7akfBOA7EKzKg=" else {
x86_64-linux = "sha256-kddqIKgTTImbDIFtPqV/6YsnfNYsDPLhcelJIBC4R8s=";
aarch64-linux = "sha256-PNFSifZwH+VzfljyrlQZKZ+NEiiINXnVecOXgn1gY/Q=";
hash = if stdenv.isDarwin then "sha256-4+8MhvQ1LhfyhFCOMBgD4HHt0Oaj25y2U04++JuXxCM=" else {
x86_64-linux = "sha256-q3oTKcFSNec10kT1FlDaf2GS967y38VLq9GsquwN2Lg=";
aarch64-linux = "sha256-5mxVkppm1SjC0C0SFI7uEdPWewNZXlrNAxbaFcNzzbU=";
}.${stdenv.hostPlatform.system};
};
pkgs/applications/audio/sfxr-qt/default.nix
+15 -11
View File
@@ -1,29 +1,41 @@
{ lib
, mkDerivation
, fetchFromGitHub
, fetchpatch
, cmake
, extra-cmake-modules
, qtbase
, qtquickcontrols2
, SDL
, python3
, catch2_3
, catch2
, callPackage
, nixosTests
}:
mkDerivation rec {
pname = "sfxr-qt";
version = "1.5.1";
version = "1.5.0";
src = fetchFromGitHub {
owner = "agateau";
repo = "sfxr-qt";
rev = version;
sha256 = "sha256-JAWDk7mGkPtQ5yaA6UT9hlAy770MHrTBhBP9G8UqFKg=";
sha256 = "sha256-Ce5NJe1f+C4pPmtenHYvtkxste+nPuxJoB+N7K2nyRo=";
fetchSubmodules = true;
};
postPatch = ''
cp ${catch2}/include/catch2/catch.hpp 3rdparty/catch2/single_include/catch2/catch.hpp
'';
# Remove on next release
patches = [(fetchpatch {
name = "sfxr-qr-missing-qpainterpath-include";
url = "https://github.com/agateau/sfxr-qt/commit/ef051f473654052112b647df987eb263e38faf47.patch";
sha256 = "sha256-bqMnxHUzdS5oG/2hfr5MvkpwrtZW+GTN5fS2WpV2W2c=";
})];
nativeBuildInputs = [
cmake
extra-cmake-modules
@@ -36,14 +48,6 @@ mkDerivation rec {
SDL
];
checkInputs = [
catch2_3
];
cmakeFlags = [
(lib.cmakeBool "USE_SYSTEM_CATCH2" true)
];
doCheck = true;
passthru.tests = {
pkgs/applications/audio/snd/default.nix
+2 -2
View File
@@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "snd";
version = "24.5";
version = "24.4";
src = fetchurl {
url = "mirror://sourceforge/snd/snd-${version}.tar.gz";
sha256 = "sha256-Y497KAlUXtWhkrCd1QrqJkvWGwnzZfYRKaALiEo/7EI=";
sha256 = "sha256-nP4ngNUQvveSQBEqXlzYdaqD0SGzTDPwIiWhSabRu+8=";
};
nativeBuildInputs = [ pkg-config ];
pkgs/applications/audio/soundsource/default.nix
+1 -1
View File
@@ -29,7 +29,7 @@ stdenvNoCC.mkDerivation (finalAttrs: {
homepage = "https://rogueamoeba.com/soundsource";
license = licenses.unfree;
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
maintainers = with maintainers; [ emilytrau ];
maintainers = with maintainers; [ emilytrau Enzime ];
platforms = platforms.darwin;
};
})
pkgs/applications/audio/spotify-player/default.nix
+5 -7
View File
@@ -24,7 +24,6 @@
, withImage ? true
, withNotify ? true
, withSixel ? true
, withFuzzy ? true
, stdenv
, darwin
, makeBinaryWrapper
@@ -34,16 +33,16 @@ assert lib.assertOneOf "withAudioBackend" withAudioBackend [ "" "alsa" "pulseaud
rustPlatform.buildRustPackage rec {
pname = "spotify-player";
version = "0.19.1";
version = "0.18.2";
src = fetchFromGitHub {
owner = "aome510";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-R8F7s8FPnCe+shNUN/u0qcxFy3IbyfVo2xZ5/E/qwaw=";
hash = "sha256-bLUPQgqSsE9tF5YiFj5B+Ylyy96DhWFNjwqXbQ9H8uc=";
};
cargoHash = "sha256-7vximGisIIXBrwHXSWQjO08OraaweG7ZT6v+gVdYGVc=";
cargoHash = "sha256-rptGA7J63rHdmxuPIguhZYYs8tZbpidJ0fXroBBoEIM=";
nativeBuildInputs = [
pkg-config
@@ -84,8 +83,7 @@ rustPlatform.buildRustPackage rec {
++ lib.optionals withDaemon [ "daemon" ]
++ lib.optionals withNotify [ "notify" ]
++ lib.optionals withStreaming [ "streaming" ]
++ lib.optionals withSixel [ "sixel" ]
++ lib.optionals withFuzzy [ "fzf" ];
++ lib.optionals withSixel [ "sixel" ];
# sixel-sys is dynamically linked to libsixel
postInstall = lib.optionals (stdenv.isDarwin && withSixel) ''
@@ -99,6 +97,6 @@ rustPlatform.buildRustPackage rec {
changelog = "https://github.com/aome510/spotify-player/releases/tag/v${version}";
mainProgram = "spotify_player";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ dit7ya xyven1 _71zenith ];
maintainers = with lib.maintainers; [ dit7ya xyven1 ];
};
}
pkgs/applications/audio/spotify/darwin.nix
+1 -1
View File
@@ -36,6 +36,6 @@ stdenv.mkDerivation {
'';
meta = meta // {
maintainers = with lib.maintainers; [ matteopacini ];
maintainers = with lib.maintainers; [ Enzime ];
};
}
pkgs/applications/backup/ludusavi/default.nix
+3 -3
View File
@@ -23,16 +23,16 @@
rustPlatform.buildRustPackage rec {
pname = "ludusavi";
version = "0.24.3";
version = "0.24.1";
src = fetchFromGitHub {
owner = "mtkennerly";
repo = "ludusavi";
rev = "v${version}";
hash = "sha256-FtLLj5uFcKuRTCSsSuyj0XGzFMVWQvVk4dTmBCmzfNs=";
hash = "sha256-nRNXVJJcpZmAfZwDEBaEFlry1gbITWEw0khtsXnMdm0=";
};
cargoHash = "sha256-xC6HiXt8cfrDtno9IrOe8SP7WBL79paLI223fjxPsbg=";
cargoHash = "sha256-E5TaE4TlRA0wmRUiwFqivs18X6oiBCmeXrPI1GxKFBI=";
nativeBuildInputs = [
cmake
pkgs/applications/blockchains/go-ethereum/default.nix
+3 -3
View File
@@ -9,17 +9,17 @@ let
in buildGoModule rec {
pname = "go-ethereum";
version = "1.14.6";
version = "1.14.5";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "sha256-X9XwVZpRnkp7oVKwyvQbs8ZaWwLkuLEEHNfV5BvfVvI=";
sha256 = "sha256-IY0BKoDRMVRZTIysdUgqhTFQx0Pz+kl61vbPbhSdT8k=";
};
proxyVendor = true;
vendorHash = "sha256-UP+bQM8ydfbILlVhuNPVIKLyXZFTzGmHizn2hYgNE4Y=";
vendorHash = "sha256-vzxtoLlD1RjmKBpMPqcH/AAzk2l/NifpRl4Sp4qBYLg=";
doCheck = false;

Some files were not shown because too many files have changed in this diff Show More